code/windows/audit/network-discovery-public-enabled.yaml

id: network-discovery-public-disabled

info:
  name: Network Discovery Disabled on Public Networks
  author: princechaddha
  severity: medium
  description: Checks if network discovery is disabled on all public networks.
  impact: |
    Disabling network discovery on public networks reduces the system's visibility and minimizes the attack surface, preventing potential unauthorized access.
  remediation: |
    Ensure network discovery remains disabled on public networks to maintain secure network configurations.
  tags: network,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      if (-not (Get-NetConnectionProfile | Where-Object { $_.NetworkCategory -eq 'Public' -and $_.NetworkDiscovery -eq 'Discoverable' })) { "Network Discovery is disabled on all Public networks" }

    matchers:
      - type: word
        words:
          - "Network Discovery is disabled on all Public networks"
# digest: 4b0a00483046022100c8f8692f4b032c3f72047cfa5a5e68ada55d8bf4f3def3a630ffecec9fd52cda022100a8daa946988b856f48378a9b8730a69ade02a20fec204011fa4b52ee8494d94d:922c64590222798bb761d5b6d8e72950
Windows Security Hardening and Auditing Checks 2024-10-24 11:17:52 +07:00			`id: network-discovery-public-disabled`

			`info:`
			`name: Network Discovery Disabled on Public Networks`
			`author: princechaddha`
			`severity: medium`
			`description: Checks if network discovery is disabled on all public networks.`
			`impact: \|`
			`Disabling network discovery on public networks reduces the system's visibility and minimizes the attack surface, preventing potential unauthorized access.`
			`remediation: \|`
			`Ensure network discovery remains disabled on public networks to maintain secure network configurations.`
			`tags: network,code,windows-audit`

			`self-contained: true`

			`code:`
			`- pre-condition: \|`
			`IsWindows();`
			`engine:`
			`- powershell`
			`- powershell.exe`
			`args:`
			`- -ExecutionPolicy`
			`- Bypass`
			`pattern: "*.ps1"`
			`source: \|`
			`if (-not (Get-NetConnectionProfile \| Where-Object { $_.NetworkCategory -eq 'Public' -and $_.NetworkDiscovery -eq 'Discoverable' })) { "Network Discovery is disabled on all Public networks" }`

			`matchers:`
			`- type: word`
			`words:`
chore: sign templates 🤖 2024-11-27 08:16:07 +00:00			`- "Network Discovery is disabled on all Public networks"`
chore: sign templates 🤖 2024-12-02 11:38:21 +00:00			`# digest: 4b0a00483046022100c8f8692f4b032c3f72047cfa5a5e68ada55d8bf4f3def3a630ffecec9fd52cda022100a8daa946988b856f48378a9b8730a69ade02a20fec204011fa4b52ee8494d94d:922c64590222798bb761d5b6d8e72950`