Shirofune-Security a95f0f5eec docs: add Material for MkDocs documentation site (English + Japanese)
Add a documentation website under website/, built from README.md and
README-Japanese.md and laid out with top-tab topics and a left sidebar (same
style as the Hayabusa docs). Designed to be hosted free on GitHub Pages.

- Pages: Overview (About, Features, Screenshots), Getting Started, Commands
  (Command List, Command Usage), Resources (Companion Projects, Other
  Resources, Changelog, Contributing)
- Custom landing page, theme, click-to-zoom screenshots
- Changelog synced from CHANGELOG.md at build time
- 15-language switcher via mkdocs-static-i18n: English + Japanese full content;
  the other 13 localize the UI and fall back to English until translated
- .github/workflows/docs.yml builds (mkdocs --strict) + deploys to GitHub Pages

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 09:50:48 +09:00


# Command Usage
## audit-settings
The `audit-settings` command checks the Windows event log audit policy settings and compares them with the recommended settings from [Yamato Security](https://github.com/Yamato-Security/EnableWindowsLogSettings), [Microsoft (Server/Client)](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations), and [Australian Signals Directorate (ASD)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding).
`RuleCount` indicates the number of [Sigma rules](https://github.com/SigmaHQ/sigma) that can detect events within that category.
### `audit-settings` command examples
Check against Yamato Security's recommended settings (the default) and save results to CSV:
```
./WELA.ps1 audit-settings -Baseline YamatoSecurity
```
Check with the Australian Signals Directorate's recommended settings and save results to CSV:
```
./WELA.ps1 audit-settings -Baseline ASD
```
Check with Microsoft's recommended Server OS settings and display results in a GUI:
```
./WELA.ps1 audit-settings -Baseline Microsoft_Server -OutType gui
```
Check with Microsoft's recommended Client OS settings and display results in table format:
```
./WELA.ps1 audit-settings -Baseline Microsoft_Client -OutType table
```
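To show what a baseline comparison of this kind involves, here is an added example (not WELA's own code) that compares `auditpol` CSV output with a small baseline. The sample CSV, the `$baseline` values and the `Test-AuditSetting` helper are constructed for illustration, and the example assumes that auditing more than the baseline asks for counts as compliant.

```powershell
# Constructed sample in the CSV layout printed by `auditpol /get /category:* /r`.
# On a live host (elevated prompt) replace the here-string with:
#   $current = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$sampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success,
HOST01,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,
HOST01,System,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030},Success and Failure,
'@
$current = $sampleCsv | ConvertFrom-Csv

# Hypothetical baseline for illustration only; not the values of any published baseline.
$baseline = @{
    'Logon'                     = 'Success and Failure'
    'Process Creation'          = 'Success'
    'Security Group Management' = 'Success'
}

function Test-AuditSetting {
    param([string]$Actual, [string]$Required)
    # Assumption: a setting is compliant when it audits every outcome the
    # baseline requires; auditing more than required also passes.
    $have    = @($Actual -split ' and ')
    $missing = @($Required -split ' and ' |
        Where-Object { $_ -ne 'No Auditing' -and $_ -notin $have })
    $missing.Count -eq 0
}

$report = foreach ($name in ($baseline.Keys | Sort-Object)) {
    $row    = $current | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
    [pscustomobject]@{
        Subcategory = $name
        Current     = $actual
        Recommended = $baseline[$name]
        Compliant   = Test-AuditSetting -Actual $actual -Required $baseline[$name]
    }
}

# Logon and Process Creation fall short of this baseline; Security Group Management passes.
$report | Format-Table -AutoSize
```

`auditpol` localizes subcategory names, so on non-English hosts key the comparison on the `Subcategory GUID` column instead.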
## audit-filesize
The `audit-filesize` command checks the Windows event log file sizes and compares them with Yamato Security's recommendations.
### `audit-filesize` command examples
Check the Windows event log file size with Yamato Security's recommendations and save results to CSV:
```
./WELA.ps1 audit-filesize -Baseline YamatoSecurity
```
## configure
The `configure` command sets the recommended Windows event log audit policy and file size.
### `configure` command examples
Apply Yamato Security's recommended settings (with confirmation prompt before changing settings):
```
./WELA.ps1 configure -Baseline YamatoSecurity
```
Apply Australian Signals Directorate's recommended settings without confirmation prompt:
```
./WELA.ps1 configure -Baseline ASD -auto
```
## update-rules
### `update-rules` command examples
Update WELA's Sigma rules config files:
```
./WELA.ps1 update-rules
```