From f920e9aaf6ce9ca6d0bd59222c51ade48bd8f639 Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Thu, 23 Oct 2025 23:19:51 +0900 Subject: [PATCH] fix: add Help switch to WELA.ps1 for usage instructions in audit commands --- WELA.ps1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/WELA.ps1 b/WELA.ps1 index cfe5709d..1001a4e5 100644 --- a/WELA.ps1 +++ b/WELA.ps1 @@ -3,7 +3,8 @@ [string]$OutType = "std", [bool]$Debug = $false, [string]$Baseline, - [switch]$Auto + [switch]$Auto, + [switch]$Help ) class WELA { @@ -5796,7 +5797,7 @@ $logo = @" "@ -$help = @" +$usage = @" Usage: ./WELA.ps1 audit-settings -Baseline YamatoSecurity # Audit current setting and show in stdout, save to csv ./WELA.ps1 audit-settings -Baseline ASD -OutType gui # Audit current setting and show in gui, save to csv @@ -5813,6 +5814,17 @@ Write-Host $logo -ForegroundColor Green switch ($Cmd.ToLower()) { "audit-settings" { + if ($Help) { + Write-Host "Audit current Windows Event Log settings and compare with baseline" + Write-Host "" + Write-Host "Usage: ./WELA.ps1 audit-settings -Baseline [-OutType ]" + Write-Host "" + Write-Host "Options:" + Write-Host " -Baseline Specify the baseline (YamatoSecurity, ASD, Microsoft_Client, Microsoft_Server)" + Write-Host " -OutType Output type: std (default) or gui or table" + Write-Host "" + return + } if ([string]::IsNullOrEmpty($Baseline)) { $Baseline = "YamatoSecurity" } 
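Review bot: The `audit-settings` help prints `-Baseline` as if it were required, but the unchanged line right after the new block sets `$Baseline = "YamatoSecurity"` when it is empty, and the help never says so. An operator reading the help cannot tell which baseline a bare `./WELA.ps1 audit-settings` run was compared against. I would state the default in the option line, e.g. `Write-Host "  -Baseline   Baseline to compare against (default: YamatoSecurity; also ASD, Microsoft_Client, Microsoft_Server)"`, and put `-Baseline` in brackets in the usage line. The `audit-settings` branch continues past the end of this hunk.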
@@ -5824,10 +5836,31 @@ switch ($Cmd.ToLower()) { AuditLogSetting $OutType $Baseline $Debug } "audit-filesize" { + if ($Help) { + Write-Host "Audit current Windows Event Log file sizes" + Write-Host "" + Write-Host "Usage: ./WELA.ps1 audit-filesize -Baseline " + Write-Host "" + Write-Host "Options:" + Write-Host " -Baseline Specify the baseline (YamatoSecurity)" + Write-Host "" + return + } AuditFileSize } "configure" { + if ($Help) { + Write-Host "Configure Windows Event Log audit settings based on specified baseline" + Write-Host "" + Write-Host "Usage: ./WELA.ps1 configure -Baseline [-Auto]" + Write-Host "" + Write-Host "Options:" + Write-Host " -Baseline Specify the baseline (YamatoSecurity)" + Write-Host " -Auto Automatically configure without prompts" + Write-Host "" + return + } if ([string]::IsNullOrEmpty($Baseline)) { Write-Host "You need to specify a baseline. The following baselines are available:" Write-Host " * YamatoSecurity" @@ -5835,19 +5868,29 @@ switch ($Cmd.ToLower()) { Write-Host "Examples: " Write-Host "./WELA.ps1 configure -Baseline YamatoSecurity" Write-Host "./WELA.ps1 configure -Baseline YamatoSecurity -Auto" + Write-Host "" break } ConfigureAuditSettings -Baseline $Baseline -Auto:$Auto } "update-rules" { + if ($Help) { + Write-Host "Update detection rule configuration files from GitHub repository" + Write-Host "" + Write-Host "Usage: ./WELA.ps1 update-rules" + Write-Host "" + Write-Host "Download and update rule configuration files from GitHub repository" + Write-Host "" + return + } UpdateRules } "help" { - Write-Host $help + Write-Host $usage } default { Write-Host "Invalid command. Use 'help' to see available commands." - Write-Host $help + Write-Host $usage } } \ No newline at end of file
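Review bot: The `audit-filesize` help advertises `-Baseline`, yet the branch still calls `AuditFileSize` with no arguments, so nothing visible in this hunk hands the value to it. Unless `AuditFileSize` reads the script-scope `$Baseline` itself (its body is outside the hunk), the option is silently ignored and a user may believe the sizes were checked against a baseline they chose. Either drop the option from the help or pass it through, e.g. `AuditFileSize -Baseline $Baseline`, if the function accepts that parameter. The `configure` help in the same hunk could also state that the command changes the host's audit settings, since `-Auto` removes the prompt.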
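Review bot: The `update-rules` help says the files come from "GitHub repository" without naming it, and its last line repeats the first. For a command that fetches configuration over the network, the help should name the source and say whether local files are overwritten. `UpdateRules` is outside the hunk, so both facts have to come from its body, e.g. `Write-Host "Source: <repository URL used by UpdateRules>"` in place of the repeated line. The new help blocks leave with `return` while the existing `configure` guard in this hunk uses `break`; both end the script here because the `switch` is the last statement in the file, but one form throughout would read better.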