Show-Contributors JP translation

Yamato-Security · May 24, 2021 · 829547c · 829547c
1 parent c694eb1
commit 829547c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 27 deletions.
diff --git a/Config/Language/en.ps1 b/Config/Language/en.ps1
@@ -325,3 +325,12 @@ $Create_LogonTimeline_TypeOther = "Other Type Logons:"
 
 
 
+#function Show-Contributors
+$Show_Contributors =
+"Contributors:
+
+DustInDark - Localization, Japanese Translations
+Tsubokku - Japanese Translations
+
+Please contribute to this project for fame and glory!
+"
diff --git a/Config/Language/ja.ps1 b/Config/Language/ja.ps1
@@ -326,3 +326,12 @@ $Create_LogonTimeline_Type12 = "タイプ 12 キャッシュされた認証情
 $Create_LogonTimeline_Type13 = "タイプ 13 キャッシュされた認証情報によるロック解除のログオン (例：DCに接続できない場合のロック解除またはRDP再接続):"
 $Create_LogonTimeline_TypeOther = "その他のタイプのログオン:"
 
+#function Show-Contributors
+$Show_Contributors =
+"コントリビューター:
+
+DustInDark - ローカライゼーション、和訳
+つぼっく - 和訳
+
+コントリビューターを募集しています！
+"
diff --git a/yea-security-timeline.ps1 b/yea-security-timeline.ps1
@@ -25,6 +25,7 @@ https://github.com/yamatosecurity
 # 
 # Inspired by Eric Conrad's DeepBlueCLI (https://github.com/sans-blue-team/DeepBlueCLI)
 # Much help from the Windows Event Log Analysis Cheatsheets by Steve Anson (https://www.forwarddefense.com/en/article/references-pdf)
+# and event log info from www.ultimatewindowssecurity.com
 
 param (
     [bool]$Japanese = $false,
@@ -53,10 +54,7 @@ $ProgramStartTime = Get-Date
 #Functions:
 function Show-Contributors {
     Write-Host 
-    Write-Host "Contributors:"
-    Write-Host "DustInDark - Localization"
-    Write-Host
-    Write-Host "Please contribute to this project for fame and glory!"
+    Write-Host $Show_Contributors -ForegroundColor Cyan
     Write-Host
 }
 
@@ -184,6 +182,8 @@ if ( $EuropeDateFormat -eq $true ) {
 } 
 
 function EventInfo ($eventIDNumber) {
+# TODO
+# - Add all security event IDs from https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
 
     [hashtable]$return = @{}
 
@@ -269,7 +269,7 @@ function EventInfo ($eventIDNumber) {
 
 function Create-EventIDStatistics {
 
-    #TODO:
+    # TODO:
     # - Implement save-output
     # - Add comments to event IDs
     # - Explicitly output results in a table
@@ -609,8 +609,7 @@ function Create-LogonTimeline {
             }
 
         }
-
-
+
     }  
 
     foreach ( $event in $logs ) {
@@ -1106,26 +1105,6 @@ function Create-Timeline {
 
             $timestamp = $event.TimeCreated.ToString($DateFormat) 
 
-
-            #Filter out SYSTEM, DWM-X, DefaultAppPool, IUSR and machine accounts (ending in $) Not using the SubectUserName anymore as an attacker could create a username as DWM-1, etc.. and bypass detection.
-            <#
-            if ($msgSubjectUserName -ne "SYSTEM" -and 
-            $msgSubjectUserName -ne "IUSR" -and 
-            $msgSubjectUserName -ne "DWM-1" -and 
-            $msgSubjectUserName -ne "DWM-2" -and 
-            $msgSubjectUserName -ne "DWM-3" -and 
-            $msgSubjectUserName -ne "DWM-4" -and 
-            $msgSubjectUserName -ne "DWM-5" -and
-            $msgSubjectUserName -ne "DWM-6" -and
-            $msgSubjectUserName -ne "LOCAL SERVICE" -and 
-            $msgSubjectUserName -ne "NETWORK SERVICE" -and
-            $msgSubjectUserName -ne "DefaultAppPool" -and
-            $msgSubjectUserName[-1] -ne "$" 
-            ){
-                $printMSG = " 4672 - ADMIN LOGON by user: $msgSubjectUserName Logon ID: $msgSubjectLogonId"
-            }
-            #>
-
             if ($msgSubjectDomainName -ne "NT AUTHORITY" -and
                 $msgSubjectDomainName -ne "Window Manager" -and 
                 $msgSubjectDomainName -ne "IIS APPPOOL" -and