id: network-discovery-public-disabled

info:
  name: Network Discovery Disabled on Public Networks
  author: princechaddha
  severity: medium
  description: Checks if network discovery is disabled on all public networks.
  impact: |
    Disabling network discovery on public networks reduces the system's visibility and minimizes the attack surface, preventing potential unauthorized access.
  remediation: |
    Ensure network discovery remains disabled on public networks to maintain secure network configurations.
  tags: network,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      if (-not (Get-NetConnectionProfile | Where-Object { $_.NetworkCategory -eq 'Public' -and $_.NetworkDiscovery -eq 'Discoverable' })) { "Network Discovery is disabled on all Public networks" }

    matchers:
      - type: word
        words:
          - "Network Discovery is disabled on all Public networks"
# digest: 4b0a00483046022100c8f8692f4b032c3f72047cfa5a5e68ada55d8bf4f3def3a630ffecec9fd52cda022100a8daa946988b856f48378a9b8730a69ade02a20fec204011fa4b52ee8494d94d:922c64590222798bb761d5b6d8e72950