mirror of
https://github.com/Yamato-Security/WELA.git
synced 2026-01-12 11:11:24 +01:00
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
name: Check audit setting
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
matrix:
|
|
os: [windows-2019, windows-2022, windows-2025]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: auditpol /list /subcategory:* /r
|
|
run: auditpol /list /subcategory:* /r
|
|
|
|
- name: auditpol /get /category:*
|
|
run: auditpol /get /category:*
|
|
|
|
- name: Get-WinEvent -ListLog * | Select-Object LogName, MaximumSizeInBytes
|
|
run: Get-WinEvent -ListLog * | Select-Object LogName, MaximumSizeInBytes
|
|
|
|
- name: Get-WinEvent -ListProvider *
|
|
run: (Get-WinEvent -ListProvider Microsoft-Windows-Security-Auditing).Events | ForEach-Object { [PSCustomObject]@{EventID=$_.Id; Description=($_.Description -replace "`r`n", " ") -replace "\..*", ""} }
|
|
|
|
- name: Checkout self repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Load audit settings(json)
|
|
run: |
|
|
$audit_settings = Get-Content -Path ./config/hayabusa_rules_meta.json -Raw | ConvertFrom-Json
|
|
$audit_settings
|
|
|
|
- name: Load audit settings(csv)
|
|
run: |
|
|
$audit_settings = Import-Csv .config/eid_subcategory_mapping.csv
|
|
$audit_settings |