admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9ea5b414b83ef07ef151ed8a22beec305d6acae0
nuclei-templates/code/windows/audit/audit-logging-disabled.yaml
Prince Chaddha 9ea5b414b8 misc changes + added profile
2024-10-24 13:54:16 +07:00

38 lines
1.1 KiB
YAML
Raw Blame History

id: audit-logging-disabled
info:
name: Audit Logging Disabled
author: princechaddha
severity: high
description: Check if audit logging for critical events is disabled.
impact: |
Disabling audit logging can lead to a lack of traceability for security incidents and breaches.
remediation: |
Enable audit logging for all critical security events to maintain a proper audit trail.
tags: windows,audit-logging,security,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
AuditPol /get /category:"Account Logon"
AuditPol /get /category:"Account Management"
matchers:
- type: word
words:
- "User Account Management No Auditing"
- "Computer Account Management No Auditing"
- "Security Group Management No Auditing"
- "Credential Validation No Auditing"
- "Kerberos Authentication Service No Auditing"
Reference in New Issue View Git Blame Copy Permalink