From 23407eaec5a55f59560091b2707111145da37484 Mon Sep 17 00:00:00 2001
From: Christian Gross
Date: Thu, 22 Feb 2024 15:36:31 +0100
Subject: [PATCH] guid for powershell commands (#358)
---
 core/mondoo-windows-security.mql.yaml | 54 +++++++++++++--------------
 1 file changed, 27 insertions(+), 27 deletions(-)
diff --git a/core/mondoo-windows-security.mql.yaml b/core/mondoo-windows-security.mql.yaml
index c06f404c..964d31aa 100644
--- a/core/mondoo-windows-security.mql.yaml
+++ b/core/mondoo-windows-security.mql.yaml
@@ -520,7 +520,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9217-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-application-group-management-is-set-to-success-and-failure
 title: Ensure 'Audit Application Group Management' is set to 'Success and Failure'
@@ -586,7 +586,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9239-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-audit-policy-change-is-set-to-include-success
 title: Ensure 'Audit Audit Policy Change' is set to include 'Success'
@@ -666,7 +666,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE922F-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-authentication-policy-change-is-set-to-include-success
 title: Ensure 'Audit Authentication Policy Change' is set to include 'Success'
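Review bot: In the `@@ -520` hunk the new remediation line no longer says which audit subcategory it changes, and the same holds for every other hunk in this patch, so a mistyped or swapped GUID cannot be caught by reading the file. Add the name as a comment line inside the fence above the command, for example `# Audit subcategory: Account Lockout`. On a Windows host `auditpol /list /subcategory:* /v` prints each subcategory with its GUID and can be used to check the whole mapping before merge. The enclosing query starts above the hunk, so its own title is not visible here.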
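Review bot: The `@@ -666` line keeps the fixed tail `/success:enable /failure:enable`, but the title shown for this check at the end of the `@@ -586` hunk only asks to include 'Success'. The same tail is kept in the hunks for Detailed File Share (`@@ -935`) and Other Policy Change Events (`@@ -1609`), whose titles ask to include 'Failure' only, and in the other "include 'Success'" checks. Running the command as written turns on more auditing than the check requires, and success auditing of detailed file-share access in particular tends to be high-volume. For the failure-only checks the tail could be just `/failure:enable`; otherwise the remediation text should say that the command enables both.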
@@ -739,7 +739,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9230-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-authorization-policy-change-is-set-to-include-success
 title: Ensure 'Audit Authorization Policy Change' is set to include 'Success'
@@ -806,7 +806,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9231-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-credential-validation-is-set-to-success-and-failure
 title: Ensure 'Audit Credential Validation' is set to 'Success and Failure'
@@ -872,7 +872,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE923F-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-detailed-file-share-is-set-to-include-failure
 title: Ensure 'Audit Detailed File Share' is set to include 'Failure'
@@ -935,7 +935,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Detailed File Share" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9244-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-file-share-is-set-to-success-and-failure
 title: Ensure 'Audit File Share' is set to 'Success and Failure'
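Review bot: The `@@ -739` hunk is not a like-for-like swap: the removed line named "Credential Validation", yet the new GUID (`0CCE9230…`) differs from the one the `@@ -872` hunk uses for Credential Validation (`0CCE923F…`), so the command now targets a different subcategory. From the neighbouring uids this fence appears to belong to the Authentication Policy Change check, which would make the old name a copy-paste error and the new value the fix, but the hunk does not show the query's own title and the commit message does not mention a behaviour change. Confirm it with `auditpol /get /subcategory:"{0CCE9230-69AE-11D9-BED3-505054503030}"`, which prints the subcategory name, and record that name next to the command, e.g. `# Audit subcategory: Authentication Policy Change`.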
@@ -999,7 +999,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"File Share" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9224-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-force-audit-policy-subcategory-settings-windows-vista-or-later-to-override
 title: 'Ensure ''Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'' is set to ''Enabled'''
@@ -1111,7 +1111,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Group Membership" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9249-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-ipsec-driver-is-set-to-success-and-failure
 title: Ensure 'Audit IPsec Driver' is set to 'Success and Failure'
@@ -1184,7 +1184,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"IPsec Driver" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9213-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-logoff-is-set-to-include-success
 title: Ensure 'Audit Logoff' is set to include 'Success'
@@ -1248,7 +1248,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9216-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-logon-is-set-to-success-and-failure
 title: Ensure 'Audit Logon' is set to 'Success and Failure'
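Review bot: The remediation text around the `@@ -999` command, and around the other `Auditpol /set` lines in this patch, gives no hint that the setting may not persist. `Auditpol /set` changes the local audit policy, and on hosts that receive advanced audit policy through Group Policy the value is normally replaced at the next policy refresh. The trailing context of this hunk already shows the related 'Force audit policy subcategory settings' check, which by its title governs whether subcategory settings override category-level policy. A sentence after the fence would cover it, e.g. `If audit policy is deployed by Group Policy, change it in the GPO; a local Auditpol change is overwritten at the next refresh.` The text could also state that the command needs an elevated session.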
@@ -1314,7 +1314,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Logon" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9215-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-mpssvc-rule-level-policy-change-is-set-to-success-and-failure
 title: Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'
@@ -1391,7 +1391,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9232-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-other-logonlogoff-events-is-set-to-success-and-failure
 title: Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'
@@ -1463,7 +1463,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE921C-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-other-object-access-events-is-set-to-success-and-failure
 title: Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'
@@ -1538,7 +1538,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Other Object Access Events" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9227-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-other-policy-change-events-is-set-to-include-failure
 title: Ensure 'Audit Other Policy Change Events' is set to include 'Failure'
@@ -1609,7 +1609,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Other Policy Change Events" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9234-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-other-system-events-is-set-to-success-and-failure
 title: Ensure 'Audit Other System Events' is set to 'Success and Failure'
@@ -1684,7 +1684,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9214-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-pnp-activity-is-set-to-include-success
 title: Ensure 'Audit PNP Activity' is set to include 'Success'
@@ -1748,7 +1748,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Plug and Play Events" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9248-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-process-creation-is-set-to-include-success
 title: Ensure 'Audit Process Creation' is set to include 'Success'
@@ -1815,7 +1815,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-removable-storage-is-set-to-success-and-failure
 title: Ensure 'Audit Removable Storage' is set to 'Success and Failure'
@@ -1879,7 +1879,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9245-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-security-group-management-is-set-to-include-success
 title: Ensure 'Audit Security Group Management' is set to include 'Success'
@@ -1957,7 +1957,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9237-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-security-state-change-is-set-to-include-success
 title: Ensure 'Audit Security State Change' is set to include 'Success'
@@ -2023,7 +2023,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9210-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-security-system-extension-is-set-to-include-success
 title: Ensure 'Audit Security System Extension' is set to include 'Success'
@@ -2090,7 +2090,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9211-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-sensitive-privilege-use-is-set-to-success-and-failure
 title: Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
@@ -2171,7 +2171,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9228-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-shut-down-system-immediately-if-unable-to-log-security-audits
 title: 'Ensure ''Audit: Shut down system immediately if unable to log security audits'' is set to ''Disabled'''
@@ -2279,7 +2279,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE921B-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-system-integrity-is-set-to-success-and-failure
 title: Ensure 'Audit System Integrity' is set to 'Success and Failure'
@@ -2351,7 +2351,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9212-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-audit-user-account-management-is-set-to-success-and-failure
 title: Ensure 'Audit User Account Management' is set to 'Success and Failure'
@@ -2429,7 +2429,7 @@ queries:
 To establish the recommended configuration via PowerShell, run the following commands:
 ```powershell
- Auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
+ Auditpol /set /subcategory:"{0CCE9235-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
 ```
 - uid: mondoo-windows-security-configure-smb-v1-client-driver-is-set-to-enabled-disable-driver-recommended
 title: 'Ensure ''Configure SMB v1 client driver'' is set to ''Enabled: Disable driver (recommended)'''