mirror of
https://github.com/Yamato-Security/WELA.git
synced 2026-07-03 23:48:10 +02:00
a95f0f5eec
Add a documentation website under website/, built from README.md and README-Japanese.md and laid out with top-tab topics and a left sidebar (same style as the Hayabusa docs). Designed to be hosted free on GitHub Pages. - Pages: Overview (About, Features, Screenshots), Getting Started, Commands (Command List, Command Usage), Resources (Companion Projects, Other Resources, Changelog, Contributing) - Custom landing page, theme, click-to-zoom screenshots - Changelog synced from CHANGELOG.md at build time - 15-language switcher via mkdocs-static-i18n: English + Japanese full content; the other 13 localize the UI and fall back to English until translated - .github/workflows/docs.yml builds (mkdocs --strict) + deploys to GitHub Pages Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
56 lines
2.3 KiB
Markdown
56 lines
2.3 KiB
Markdown
# Command Usage
|
|
## audit-settings
|
|
The `audit-settings` command checks the Windows event log audit policy settings and compares them with the recommended settings from [Yamato Security](https://github.com/Yamato-Security/EnableWindowsLogSettings), [Microsoft(Sever/Client)](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations), and [Australian Signals Directorate (ASD)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding).
|
|
`RuleCount` indicates the number of [Sigma rules](https://github.com/SigmaHQ/sigma) that can detect events within that category.
|
|
|
|
### `audit-settings` command examples
|
|
Check with the default Yamato Security's recommended settings and save results to CSV:
|
|
```
|
|
./WELA.ps1 audit-settings -Baseline YamatoSecurity
|
|
```
|
|
|
|
Check with the Australian Signals Directorate's recommended settings and save results to CSV:
|
|
```
|
|
./WELA.ps1 audit-settings -Baseline ASD
|
|
```
|
|
|
|
Check with Microsoft's recommended Server OS settings and display results in a GUI:
|
|
```
|
|
./WELA.ps1 audit-settings -Baseline Microsoft_Server -OutType gui
|
|
```
|
|
|
|
Check with Microsoft's recommended Client OS settings and display results in table format:
|
|
```
|
|
./WELA.ps1 audit-settings -Baseline Microsoft_Client -OutType table
|
|
```
|
|
|
|
## audit-filesize
|
|
The `audit-filesize` command checks the Windows event logs' file size and compares them with the recommended settings from Yamato Security's recommendations.
|
|
|
|
### `audit-filesize` command examples
|
|
Check the Windows event log file size with Yamato Security's recommendations and save results to CSV:
|
|
```
|
|
./WELA.ps1 audit-filesize -Baseline YamatoSecurity
|
|
```
|
|
|
|
## configure
|
|
The `configure` command sets the recommended Windows event log audit policy and file size.
|
|
|
|
#### `configure` command examples
|
|
Apply Yamato Security's recommended settings (with confirmation prompt before changing settings):
|
|
```
|
|
./WELA.ps1 configure -Baseline YamatoSecurity
|
|
```
|
|
|
|
Apply Australian Signals Directorate's recommended settings without confirmation prompt:
|
|
```
|
|
./WELA.ps1 configure -Baseline ASD -auto
|
|
```
|
|
|
|
## update-rules
|
|
#### `update-rules` command examples
|
|
Update WELA's Sigma rules config files:
|
|
```
|
|
./WELA.ps1 update-rules
|
|
```
|