-
Notifications
You must be signed in to change notification settings - Fork 119
/
Copy pathwindows-application-security.conf
executable file
·40 lines (40 loc) · 1.96 KB
/
windows-application-security.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
{
"platform": "windows",
"queries": {
"bitlocker_autoencrypt_settings_registry": {
"query": "SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Bitlocker\\%%';",
"interval": 3600,
"description": "Controls Bitlocker full-disk encryption settings."
},
"bitlocker_fde_settings_registry": {
"query": "SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\FVE\\%%';",
"interval": 3600,
"description": "Controls Bitlocker full-disk encryption settings."
},
"chrome_extension_force_list_registry": {
"query": "SELECT * FROM registry WHERE key='HKEY_LOCAL_MACHINE\\Software\\Policies\\Google\\Chrome\\ExtensionInstallForcelist';",
"interval": 3600,
"description": "Controls Google Chrome plugins that are forcibly installed."
},
"emet_settings_registry": {
"query": "SELECT * FROM registry WHERE key LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\EMET\\%%';",
"interval": 3600,
"description": "Controls EMET-protected applications and system settings."
},
"microsoft_laps_settings_registry": {
"query": "SELECT * FROM registry WHERE key='HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft Services\\AdmPwd';",
"interval": 3600,
"description": "Controls Local Administrative Password Solution (LAPS) settings."
},
"passport_for_work_settings_registry": {
"query": "SELECT * FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\PassportForWork\\%%';",
"interval": 3600,
"description": "Controls Windows Passport for Work (Hello) settings."
},
"uac_settings_registry": {
"query": "SELECT * FROM registry WHERE path='HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA';",
"interval": 3600,
"description": "Controls UAC. A setting of 0 indicates that UAC is disabled."
}
}
}