CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 17:22:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
fukusuket
2025-03-14 23:03:52 +09:00
parent b67bc8a0a8
commit f2ec67e0ab
1 changed files with 29 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
WELA.ps1
View File

@@ -1,4 +1,30 @@
# Set the console encoding to UTF-8 function Get-ApplicableRules {
param (
[string]$outputPath,
[string]$jsonPath
)
$extractedGuids = [System.Collections.Generic.HashSet[string]]::new()
Get-Content -Path $outputPath | Select-String -NotMatch "No Auditing" | ForEach-Object {
if ($_ -match '{(.*?)}') {
[void]$extractedGuids.Add($matches[1])
}
}
$jsonContent = Get-Content -Path $jsonPath -Raw | ConvertFrom-Json
foreach ($rule in $jsonContent) {
$rule | Add-Member -MemberType NoteProperty -Name "applicable" -Value $false
foreach ($guid in $rule.subcategory_guids) {
if ($extractedGuids.Contains($guid)) {
$rule.applicable = $true
break
}
}
}
return $jsonContent
}
# Set the console encoding to UTF-8
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8 [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
# Step 1: Run the auditpol command using cmd.exe and redirect its output to a file # Step 1: Run the auditpol command using cmd.exe and redirect its output to a file
@@ -18,29 +44,8 @@ $logo = @"
Write-Host $logo -ForegroundColor Green Write-Host $logo -ForegroundColor Green
$auditpolOutput = Get-Content -Path $outputFilePath # Step 3: Get the applicable rules
$filteredOutput = $auditpolOutput | Select-String -NotMatch "No Auditing" $rules = Get-ApplicableRules -outputFilePath $outputFilePath -jsonFilePath "./config/security_rules.json"
$extractedStrings = [System.Collections.Generic.HashSet[string]]::new()
$filteredOutput | ForEach-Object {
if ($_ -match '{(.*?)}') {
[void]$extractedStrings.Add($matches[1])
}
}
# Step 2: Read the rules from security_rules.json
$jsonFilePath = "./config/security_rules.json"
$jsonContent = Get-Content -Path $jsonFilePath -Raw | ConvertFrom-Json
foreach ($rule in $jsonContent) {
$rule | Add-Member -MemberType NoteProperty -Name "applicable" -Value $false
foreach ($guid in $rule.subcategory_guids) {
if ($extractedStrings.Contains($guid)) {
$rule.applicable = $true
break
}
}
}
$rules = $jsonContent
# Step 4: Count the number of usable and unusable rules for each level # Step 4: Count the number of usable and unusable rules for each level
$usableSecRules = $rules | Where-Object { $_.applicable -eq $true -and $_.channel -eq "sec" } $usableSecRules = $rules | Where-Object { $_.applicable -eq $true -and $_.channel -eq "sec" }