Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring by Carders Forum 2024
Audix allows for the simple configuration of Windows Event Audit Policies. Windows Audit Policies are restricted by default. This means that Incident Responders, Blue Teamers, CISOs and people looking to monitor their environment through Windows Event Logs must configure the audit policy settings to provide more advanced logging.
This utility aims to capture the current audit policy setting, perform a backup of it (in case a restore to the previous state is required) and apply a more advanced Audit Policy setting to allow for better detection capability. It will also enforce audit policy subcategories to ensure that these advanced settings persist. There is also a setting to change the logging size limit.
A few examples of the policy settings that Audix will enable:
- Event ID: 4698-4702 (A scheduled task was created/updated/disabled)
- Event ID: 4688 (A new process has been created.)
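A manual equivalent of the steps described above, written with the built-in auditpol and wevtutil tools, as an added example that is not Audix's own code. The backup path, the 1 GB log size, auditing both success and failure, and the English subcategory names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not Audix's own code. Backup path and log size are assumed values.
$backup  = "$env:SystemDrive\AuditBackup\auditpol-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
$maxSize = 1GB   # assumed Security log size limit, in bytes

# 1. Back up the current audit policy so the previous state can be restored.
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
auditpol /backup /file:$backup
if ($LASTEXITCODE -ne 0) { throw "Backup failed; no changes were made." }

# 2. Enable the subcategories that produce the event IDs listed above.
#    4688      -> Process Creation
#    4698-4702 -> Other Object Access Events
#    Subcategory names are localized; English names are assumed here.
$wanted = 'Process Creation', 'Other Object Access Events'
foreach ($sub in $wanted) {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not set subcategory '$sub'." }
}

# 3. Make subcategory settings take precedence over legacy category-level
#    settings, so the advanced policy is not silently replaced.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name 'SCENoApplyLegacyAuditPolicy' -Value 1 -Type DWord

# 4. Raise the Security log size limit so the extra events are retained longer.
wevtutil sl Security /ms:$maxSize
if ($LASTEXITCODE -ne 0) { throw "Could not change the Security log size." }

# 5. Read the effective settings back (/r gives CSV output) to confirm the change.
foreach ($sub in $wanted) {
    $row = auditpol /get /subcategory:"$sub" /r | Where-Object { $_ } | ConvertFrom-Csv
    '{0,-30} {1}' -f $row.Subcategory, $row.'Inclusion Setting'
}
"To roll back: auditpol /restore /file:$backup"
```

Running step 5 again after the next Group Policy refresh shows whether a domain policy has replaced the local settings.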
Running Audix
Git clone the repo
git clone https://github.com/littl3field/Audix.git
Navigate to the folder and execute the command in your terminal. You must ensure you have Administrator rights to do this.
.\Audix.ps1
Development
I will add these settings as necessary:
Increase logging size limit (DONE)
Enforce audit policy subcategory setting (DONE)
Add restore option
GPO Setting Configuration
Please note: This tool will only change the local security policy. If applied to a host with a GPO setting, it is best to use the same settings in a Group Policy default profile so all systems get the same config. If the GPO profile is not changed to match these settings, a GPO force will override it.