Command Usage

audit-settings

The audit-settings command checks the Windows event log audit policy settings and compares them with the recommended settings from Yamato Security, Microsoft (Server/Client), and the Australian Signals Directorate (ASD). RuleCount indicates the number of Sigma rules that can detect events within that category.

audit-settings command examples

Check with the default Yamato Security's recommended settings and save results to CSV:

./WELA.ps1 audit-settings -Baseline YamatoSecurity

Check with the Australian Signals Directorate's recommended settings and save results to CSV:

./WELA.ps1 audit-settings -Baseline ASD

Check with Microsoft's recommended Server OS settings and display results in a GUI:

./WELA.ps1 audit-settings -Baseline Microsoft_Server -OutType gui

Check with Microsoft's recommended Client OS settings and display results in table format:

./WELA.ps1 audit-settings -Baseline Microsoft_Client -OutType table
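
The kind of comparison audit-settings reports can be reproduced by hand from the CSV output of the built-in auditpol tool. This is an added example, not WELA's own code; the host name, the baseline values and the Compare-AuditPolicy function are hypothetical and constructed for illustration.

```powershell
# Constructed sample in the CSV layout printed by `auditpol /get /category:* /r`.
# On a live host (elevated prompt) use instead: $csv = auditpol /get /category:* /r
$csv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success,
HOST01,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,
HOST01,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},Success and Failure,
'@

# Hypothetical baseline for illustration only; not the values of any published baseline.
$baseline = @{
    'Logon'                 = 'Success and Failure'
    'Process Creation'      = 'Success'
    'Credential Validation' = 'Success and Failure'
}

function Compare-AuditPolicy {
    param([string[]]$Csv, [hashtable]$Baseline)

    # Index the current policy by subcategory name (names are localized on
    # non-English systems; the GUID column is the stable key there).
    $current = @{}
    $Csv | Where-Object { $_ } | ConvertFrom-Csv |
        ForEach-Object { $current[$_.Subcategory] = $_.'Inclusion Setting' }

    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $want = $Baseline[$name]
        $have = if ($current.ContainsKey($name)) { $current[$name] } else { 'Not reported' }
        # Assumption of this example: "Success and Failure" also satisfies a
        # baseline that asks for only Success or only Failure.
        $ok = ($have -eq $want) -or
              ($have -eq 'Success and Failure' -and $want -ne 'No Auditing')
        [pscustomobject]@{
            Subcategory = $name; Current = $have; Recommended = $want; Compliant = $ok
        }
    }
}

Compare-AuditPolicy -Csv ($csv -split "`r?`n") -Baseline $baseline | Format-Table -AutoSize
```

With the constructed sample, Logon and Process Creation are reported as non-compliant and Credential Validation as compliant.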

audit-filesize

The audit-filesize command checks the Windows event logs' file sizes and compares them with Yamato Security's recommendations.

audit-filesize command examples

Check the Windows event log file size with Yamato Security's recommendations and save results to CSV:

./WELA.ps1 audit-filesize -Baseline YamatoSecurity

configure

The configure command sets the recommended Windows event log audit policy and file size.

configure command examples

Apply Yamato Security's recommended settings (with confirmation prompt before changing settings):

./WELA.ps1 configure -Baseline YamatoSecurity

Apply Australian Signals Directorate's recommended settings without confirmation prompt:

./WELA.ps1 configure -Baseline ASD -auto

update-rules

update-rules command examples

Update WELA's Sigma rules config files:

./WELA.ps1 update-rules