Home

Awesome

Set-AuditRule

Open_Threat_Research Community Open Source Love svg1

A repository of useful access control entries (ACE) that could be added to the system access control list (SACL) of a securable object's security descriptor to monitor potential adversarial activity. These entries are categorized by specific securable objects such as files, registry keys and Active Directory objects. In addition, this project comes with a PowerShell script that will help you to set the audit rules in a programmatic way at scale. The script also leverages PowerShell dynamic parameters to provide auto-complete capabilities and provide the values needed for each flag directly from the access control and directory service classes.

Goals

References

Authors

Contributing

If you have an audit rule that you believe is useful in your environment to monitor and detect potential adversarial activity and would like to share it with the community, feel free to open a PR!

License: GPL-3.0

Set-AuditRule's GNU General Public License