guid for powershell commands (#358)
schnipschnap authored Feb 22, 2024
1 parent a1940b1 commit 23407ea
Showing 1 changed file with 27 additions and 27 deletions.
54 changes: 27 additions & 27 deletions core/mondoo-windows-security.mql.yaml
Expand Up @@ -520,7 +520,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9217-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-application-group-management-is-set-to-success-and-failure
title: Ensure 'Audit Application Group Management' is set to 'Success and Failure'
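Review bot: The added Auditpol line identifies the subcategory only by {0CCE9217-69AE-11D9-BED3-505054503030}, so someone reading the remediation text can no longer tell which subcategory is being set without looking the GUID up. Keep the name from the removed line as a comment above the command, e.g. `# Account Lockout`, and say in the commit message why the GUID form is preferred (if the reason is that subcategory names are localized on non-English Windows, state that). The same applies to every other hunk in this commit.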
Expand Down Expand Up @@ -586,7 +586,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9239-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-audit-policy-change-is-set-to-include-success
title: Ensure 'Audit Audit Policy Change' is set to include 'Success'
Expand Down Expand Up @@ -666,7 +666,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE922F-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-authentication-policy-change-is-set-to-include-success
title: Ensure 'Audit Authentication Policy Change' is set to include 'Success'
Expand Down Expand Up @@ -739,7 +739,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9230-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-authorization-policy-change-is-set-to-include-success
title: Ensure 'Audit Authorization Policy Change' is set to include 'Success'
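Review bot: The replacement in this hunk is not a like-for-like swap: the removed line names "Credential Validation", but the added GUID {0CCE9230-69AE-11D9-BED3-505054503030} differs from the {0CCE923F-69AE-11D9-BED3-505054503030} that the hunk at line 872 substitutes for the same "Credential Validation" name. Going by the surrounding uids, this remediation belongs to the Authentication Policy Change check, so the old command looks like a copy-paste error that the commit corrects without saying so. Mention the behaviour change in the commit message and confirm that 0CCE9230 is the intended subcategory, since a bare GUID cannot be verified by eye.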
Expand Down Expand Up @@ -806,7 +806,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9231-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-credential-validation-is-set-to-success-and-failure
title: Ensure 'Audit Credential Validation' is set to 'Success and Failure'
Expand Down Expand Up @@ -872,7 +872,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE923F-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-detailed-file-share-is-set-to-include-failure
title: Ensure 'Audit Detailed File Share' is set to include 'Failure'
Expand Down Expand Up @@ -935,7 +935,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Detailed File Share" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9244-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-file-share-is-set-to-success-and-failure
title: Ensure 'Audit File Share' is set to 'Success and Failure'
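Review bot: The added command keeps `/success:enable`, but the title of this check (in the context just above the hunk) only requires Detailed File Share to include 'Failure'. Running the remediation therefore also turns on Success auditing, which the check does not ask for. Either reduce the command to `/failure:enable` or state in the remediation text that enabling Success is intentional.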
Expand Down Expand Up @@ -999,7 +999,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"File Share" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9224-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-force-audit-policy-subcategory-settings-windows-vista-or-later-to-override
title: 'Ensure ''Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'' is set to ''Enabled'''
Expand Down Expand Up @@ -1111,7 +1111,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Group Membership" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9249-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-ipsec-driver-is-set-to-success-and-failure
title: Ensure 'Audit IPsec Driver' is set to 'Success and Failure'
Expand Down Expand Up @@ -1184,7 +1184,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"IPsec Driver" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9213-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-logoff-is-set-to-include-success
title: Ensure 'Audit Logoff' is set to include 'Success'
Expand Down Expand Up @@ -1248,7 +1248,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9216-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-logon-is-set-to-success-and-failure
title: Ensure 'Audit Logon' is set to 'Success and Failure'
Expand Down Expand Up @@ -1314,7 +1314,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Logon" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9215-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-mpssvc-rule-level-policy-change-is-set-to-success-and-failure
title: Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'
Expand Down Expand Up @@ -1391,7 +1391,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9232-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-other-logonlogoff-events-is-set-to-success-and-failure
title: Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'
Expand Down Expand Up @@ -1463,7 +1463,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE921C-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-other-object-access-events-is-set-to-success-and-failure
title: Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'
Expand Down Expand Up @@ -1538,7 +1538,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Other Object Access Events" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9227-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-other-policy-change-events-is-set-to-include-failure
title: Ensure 'Audit Other Policy Change Events' is set to include 'Failure'
Expand Down Expand Up @@ -1609,7 +1609,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Other Policy Change Events" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9234-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-other-system-events-is-set-to-success-and-failure
title: Ensure 'Audit Other System Events' is set to 'Success and Failure'
Expand Down Expand Up @@ -1684,7 +1684,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9214-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-pnp-activity-is-set-to-include-success
title: Ensure 'Audit PNP Activity' is set to include 'Success'
Expand Down Expand Up @@ -1748,7 +1748,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Plug and Play Events" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9248-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-process-creation-is-set-to-include-success
title: Ensure 'Audit Process Creation' is set to include 'Success'
Expand Down Expand Up @@ -1815,7 +1815,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-removable-storage-is-set-to-success-and-failure
title: Ensure 'Audit Removable Storage' is set to 'Success and Failure'
Expand Down Expand Up @@ -1879,7 +1879,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9245-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-security-group-management-is-set-to-include-success
title: Ensure 'Audit Security Group Management' is set to include 'Success'
Expand Down Expand Up @@ -1957,7 +1957,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9237-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-security-state-change-is-set-to-include-success
title: Ensure 'Audit Security State Change' is set to include 'Success'
Expand Down Expand Up @@ -2023,7 +2023,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9210-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-security-system-extension-is-set-to-include-success
title: Ensure 'Audit Security System Extension' is set to include 'Success'
Expand Down Expand Up @@ -2090,7 +2090,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9211-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-sensitive-privilege-use-is-set-to-success-and-failure
title: Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
Expand Down Expand Up @@ -2171,7 +2171,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9228-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-shut-down-system-immediately-if-unable-to-log-security-audits
title: 'Ensure ''Audit: Shut down system immediately if unable to log security audits'' is set to ''Disabled'''
Expand Down Expand Up @@ -2279,7 +2279,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE921B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-system-integrity-is-set-to-success-and-failure
title: Ensure 'Audit System Integrity' is set to 'Success and Failure'
Expand Down Expand Up @@ -2351,7 +2351,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9212-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-audit-user-account-management-is-set-to-success-and-failure
title: Ensure 'Audit User Account Management' is set to 'Success and Failure'
Expand Down Expand Up @@ -2429,7 +2429,7 @@ queries:
To establish the recommended configuration via PowerShell, run the following commands:
```powershell
Auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
Auditpol /set /subcategory:"{0CCE9235-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
```
- uid: mondoo-windows-security-configure-smb-v1-client-driver-is-set-to-enabled-disable-driver-recommended
title: 'Ensure ''Configure SMB v1 client driver'' is set to ''Enabled: Disable driver (recommended)'''