Fix: Win10 SCA checks #14090
Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
…lt values Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
…to 13191-Update-Win10-SCA-vr-qa
LGTM
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\domainfw.log' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\domainfw.log' |
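Review bot: The last rule of this hunk drops the doubled backslashes from the value pattern (`r:System32\logfiles\firewall\domainfw.log`), so the text after the second `r:` no longer describes literal path separators. The rule sits in a single-quoted YAML scalar, which passes backslashes through unchanged, and the regex matcher then reads `\d` in `\domainfw.log` as a digit class and `\l`, `\f` as escapes rather than as a backslash followed by a letter. Keep `\\` for every separator, as in the line being replaced (`System32\\logfiles\\firewall\\domainfw.log`).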
please add back \
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\domainfw.log' | |
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\domainfw.log' |
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\privatefw.log' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\privatefw.log' |
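Review bot: The two rules added ahead of the value match (the bare `...\PrivateProfile\Logging` key and `-> LogFilePath` with no pattern) carry no `not` prefix, and the hunk does not show the check's `condition`. As written they are redundant under `condition: all`, since the value match already implies both, and under `condition: any` the check would pass on every host where the key exists, whatever LogFilePath holds. If they are meant to cover the not-configured default, negate them (`not r:...`); otherwise drop them and keep only the value match.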
Please add back \
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\privatefw.log' | |
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\privatefw.log' |
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\publicfw.log' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath' | ||
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\publicfw.log' |
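Review bot: The value pattern on the last rule is unanchored, so it matches any LogFilePath that merely contains the `System32 ... publicfw.log` fragment, including a value with extra characters after `.log`. Once the `\\` separators are back, consider ending the pattern with `$` so that only a value ending in `publicfw.log` satisfies the rule.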
Please add back \
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:System32\logfiles\firewall\publicfw.log' | |
- 'r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:System32\\logfiles\\firewall\\publicfw.log' |
* Updated Win 10 SCA using checks developed for Win 11 SCA - Both benchmarks have the same set of checks
* Fixing typo in check 2.3.1.3
* Fixing wrong / characters in remediation text
* Fixed CSC numbers to v8 in check 1.1.1 to 1.1.6
* Fixing error in 2.3.14.1
* Fixing error in 2.3.10.1 rationale
* Fixing rule in 17.5.1
* Fixing cis compliance in 18.9.66.1
* Fixing 2.3.17.8
* Fixing 2.3.17.7
* Fixing 5.29
* Fixing 5.28
* Fix: Win10 SCA checks (#14090)
* fix: win10 yaml format, cis_csc and 1.1.1-1.2.3 minor fixes
* fix: win10 fixes in description, title, rationale and rules
* fix: win10 checks 2.3.14.1-5.29
* fix: errors in cis win10 rules 1.1-2.3.10.11
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: errors in cis win10 rules 2.3.10.12-5.15
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: win10 cis ids of 15327, 15344 and 15367 and minor fixes
* fix: cis win10 titles and rules 15223, 15374
* fix: cis win10 rationale minor error 1.1-5.29
* fix: remove double white-spaces in cis win10 policy
* fix: remove whitespace before double quotes in cis win10 policy
* fix: remove double whitespaces and whitespaces before double quotes cis win10 policy
* fix: cis win10 check 15017
* fix: sca win10 changes in rules 15121 15119 15120 15122 and 15108 description
* fix: sca win10 add default cases for checks 15120-15144
* fix: cis win10 enrich description for checks 15145-15167
* fix: cis win10 remediation
* fix: cis win10 rationale
* Fixing errors introduced by merge with parent branch
* fix: cis win10 descriptions
* fix: cis win10 rules 18.1.1.1-18.6.1. Add default and not configured cases
* fix: cis win10 rules 18.6.2-18.9.45.1. Add default and not configured cases
* fix: cis win10 rules 18.9.47.4.1-18.9.108.4.3. Add default and not configured cases
* fix: cis win10 default values cases for some Windows Firewall checks.
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: cis win10 remove Windows blog links references
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: cis win10 fix checks 15102, 15264, 15316, 15381, 15389 for default values
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: cis win10 fix some rules according to default values
* Fixing regex in 1.2.1
* Fixing regex in 1.2.3
* fix: cis win10 errors in rules introduced in 9c98aa2
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* fix: cis win10 error in checks 15310, 15317, 15347, 15356
  Co-authored-by: Fabricio Brunetti <fabricio.brunetti@wazuh.com>
* Updating rules with findings from Win 11 SCA
* Fixing error in 18.9.65.3.3.2
* Fixing error in 18.9.57.1
* Fixing 18.9.108.4.3
* Adding 18.9.6.2

Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>
Description
This PR fixes some errors in the Win 10 CIS SCA benchmark. The complete list of these changes can be found in wazuh/wazuh-qa#3021 research.