mirror of
https://github.com/Yamato-Security/WELA.git
synced 2025-12-06 09:12:46 +01:00
64 lines
1.9 KiB
YAML
64 lines
1.9 KiB
YAML
name: Check audit setting
|
|
|
|
on:
|
|
push:
|
|
branches: [ "*" ]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
matrix:
|
|
os: [windows-2019, windows-2022, windows-2025]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# - name: auditpol /list /subcategory:* /r
|
|
# run: auditpol /list /subcategory:* /r
|
|
#
|
|
# - name: auditpol /get /category:*
|
|
# run: auditpol /get /category:*
|
|
#
|
|
# - name: Get-WinEvent -ListLog * | Select-Object LogName, MaximumSizeInBytes
|
|
# run: Get-WinEvent -ListLog * | Select-Object LogName, MaximumSizeInBytes
|
|
#
|
|
# - name: Get-WinEvent -ListProvider *
|
|
# run: (Get-WinEvent -ListProvider Microsoft-Windows-Security-Auditing).Events | ForEach-Object { [PSCustomObject]@{EventID=$_.Id; Description=($_.Description -replace "`r`n", " ") -replace "\..*", ""} }
|
|
#
|
|
# - name: Checkout self repository
|
|
# uses: actions/checkout@v4
|
|
#
|
|
# - name: Load audit settings(json)
|
|
# run: |
|
|
# $startTime = Get-Date
|
|
# $audit_settings = Get-Content -Path ./config/security_rules.json -Raw | ConvertFrom-Json
|
|
# $audit_settings
|
|
# $endTime = Get-Date
|
|
# $duration = $endTime - $startTime
|
|
# Write-Output "Duration: $duration"
|
|
#
|
|
# - name: Load audit settings(csv)
|
|
# run: |
|
|
# $startTime = Get-Date
|
|
# $audit_settings = Import-Csv ./config/eid_subcategory_mapping.csv
|
|
# $audit_settings
|
|
# $endTime = Get-Date
|
|
# $duration = $endTime - $startTime
|
|
# Write-Output "Duration: $duration"
|
|
|
|
- name: Run WELA.ps1 audit-settings
|
|
run: |
|
|
./WELA.ps1 audit-settings
|
|
|
|
- name: Run WELA.ps1 audit-filesize
|
|
run: |
|
|
./WELA.ps1 audit-filesize
|
|
|
|
- name: Output UsableRules.csv
|
|
run: |
|
|
Get-Content UsableRules.csv
|
|
|
|
- name: Output UnUsableRules.csv
|
|
run: |
|
|
Get-Content UnusableRules.csv |