The auditpol module allows you to easily parse and create Windows Audit Policy CSV files in Python.
To install the auditpol module via pip, run the command:

    $ pip install auditpol

Start by importing the auditpol module.

    import auditpol

The function auditpol.load loads an audit policy CSV file.

    with open('example.csv', 'r') as file:
        policy = auditpol.load(file)

In addition to loading an existing audit policy, policies created using the relevant subcategory settings, audit options or global object access audit settings can be dumped to a CSV file using the auditpol.dump function.

    with open('example.csv', 'w') as file:
        auditpol.dump(policy, file)

To create a system subcategory setting as part of an audit policy, an auditpol.subcategories.Subcategory and an auditpol.settings.SettingValue must be created.
This can then be used to create an auditpol.settings.SubcategorySetting.

    from auditpol.subcategories import Subcategory
    from auditpol.settings import SettingValue, SubcategorySetting

    # Subcategories are identified by their GUID; the name is descriptive.
    subcategory = Subcategory(
        id='{0CCE922B-69AE-11D9-BED3-505054503030}',
        name='Process Creation'
    )
    # Audit both successful and failed events for this subcategory.
    inclusion_setting = SettingValue(
        success=True,
        failure=True
    )
    subcategory_setting = SubcategorySetting(
        subcategory=subcategory,
        inclusion_setting=inclusion_setting
    )

To create an audit option as part of an audit policy, an auditpol.settings.OptionValue must be created.
This can then be used to create an auditpol.settings.AuditOption.

    from auditpol.settings import OptionValue, AuditOption

    value = OptionValue(
        enabled=True
    )
    audit_option = AuditOption(
        type='CrashOnAuditFail',
        value=value
    )

To create a global object access audit setting, an auditpol.settings.GlobalObjectAccessAuditSetting must be created.

    from auditpol.settings import GlobalObjectAccessAuditSetting

    # The SACL is given as an SDDL string.
    global_object_access_audit_setting = GlobalObjectAccessAuditSetting(
        type='RegistryGlobalSacl',
        sacl='S:(AU;SA;FA;;;WD)'
    )

To create an audit policy, one or more subcategory settings, audit options or global object access audit settings must be created as described above.
These settings can then be used to create an auditpol.policy.AuditPolicy.

    from auditpol.policy import AuditPolicy

    policy = AuditPolicy(
        settings=[
            subcategory_setting,
            audit_option,
            global_object_access_audit_setting
        ]
    )
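
A baseline check over an audit policy CSV, as an added example that is not part of the auditpol module or its documentation. It uses only the standard library csv module; the column layout (assumed to be that of an `auditpol /backup` export), the baseline and the sample rows are constructed for illustration.

```python
import csv
import io

# Assumption: the "Setting Value" column is a bit field,
# 1 = Success, 2 = Failure, 3 = both, 0 = no auditing.
SUCCESS, FAILURE = 1, 2

# Hypothetical baseline: subcategory GUID -> (name, required bits).
BASELINE = {
    "{0CCE922B-69AE-11D9-BED3-505054503030}": ("Process Creation", SUCCESS | FAILURE),
    "{0CCE9215-69AE-11D9-BED3-505054503030}": ("Logon", SUCCESS | FAILURE),
}

# Constructed sample policy: Process Creation lacks Failure, Logon is absent.
SAMPLE_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success,,1
,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},Success and Failure,,3
,,Option:CrashOnAuditFail,,Disabled,,0
"""


def audit_gaps(csv_text, baseline=BASELINE):
    """Return sorted (name, missing) pairs for subcategories below the baseline."""
    configured = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        guid = (row.get("Subcategory GUID") or "").strip().upper()
        if not guid:
            continue  # audit option and global SACL rows carry no GUID
        try:
            configured[guid] = int(row.get("Setting Value") or 0)
        except ValueError:
            configured[guid] = 0  # unreadable value counts as no auditing
    gaps = []
    for guid, (name, required) in baseline.items():
        # A subcategory missing from the file is treated as not audited.
        missing = required & ~configured.get(guid, 0)
        labels = [label for bit, label in ((SUCCESS, "Success"), (FAILURE, "Failure"))
                  if missing & bit]
        if labels:
            gaps.append((name, " and ".join(labels)))
    return sorted(gaps)


if __name__ == "__main__":
    for name, missing in audit_gaps(SAMPLE_CSV):
        print(f"{name}: {missing} auditing not enabled")
```

GUIDs are compared case-insensitively, and a subcategory that does not appear in the file is reported the same way as one explicitly set to no auditing.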