
Windows Audit Policy parser and emitter for Python

AuditPol

The auditpol module allows you to easily parse and create Windows Audit Policy CSV files in Python.

Installation

To install the auditpol module via pip, run the command:

$ pip install auditpol

Usage

Start by importing the auditpol module.

>>> import auditpol

The auditpol.load function loads an audit policy from a CSV file.

>>> with open('example.csv', 'r') as file:
...     auditpol.load(file)

In addition to loading an existing audit policy, you can dump a policy built from subcategory settings, audit options or global object access audit settings to a CSV file using the auditpol.dump function.

>>> with open('example.csv', 'w') as file:
...     auditpol.dump(policy, file)

SubcategorySetting

To create a system subcategory setting as part of an audit policy, an auditpol.subcategories.Subcategory and an auditpol.settings.SettingValue must be created.

These can then be used to create an auditpol.settings.SubcategorySetting.

>>> from auditpol.subcategories import Subcategory
>>> from auditpol.settings import SettingValue, SubcategorySetting

>>> subcategory = Subcategory(
...     id='{0CCE922B-69AE-11D9-BED3-505054503030}',
...     name='Process Creation'
... )

>>> inclusion_setting = SettingValue(
...     success=True,
...     failure=True
... )

>>> subcategory_setting = SubcategorySetting(
...     subcategory=subcategory,
...     inclusion_setting=inclusion_setting
... )

AuditOption

To create an audit option as part of an audit policy, an auditpol.settings.OptionValue must be created.

This can then be used to create an auditpol.settings.AuditOption.

>>> from auditpol.settings import OptionValue, AuditOption

>>> value = OptionValue(
...     enabled=True
... )

>>> audit_option = AuditOption(
...     type='CrashOnAuditFail',
...     value=value
... )

GlobalObjectAccessAuditSetting

To create a global object access audit setting, an auditpol.settings.GlobalObjectAccessAuditSetting must be created.

>>> from auditpol.settings import GlobalObjectAccessAuditSetting

>>> global_object_access_audit_setting = GlobalObjectAccessAuditSetting(
...     type='RegistryGlobalSacl',
...     sacl='S:(AU;SA;FA;;;WD)'
... )

AuditPolicy

To create an audit policy, one or more subcategory settings, audit options or global object access audit settings must be created as described above.

These settings can then be used to create an auditpol.policy.AuditPolicy.

>>> from auditpol.policy import AuditPolicy

>>> policy = AuditPolicy(
...     settings=[
...         subcategory_setting,
...         audit_option,
...         global_object_access_audit_setting
...     ]
... )
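
The following is an added example, not part of the auditpol package or its documentation: a baseline check over an audit policy CSV that reports subcategories auditing less than required. It uses the standard library csv module because this page does not document the attributes of loaded policy objects. The column layout (that of an `auditpol /backup` file), the sample rows and the BASELINE mapping are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample in the column layout of an `auditpol /backup` file
# (assumed layout; these rows are not output of the auditpol package).
SAMPLE_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},Success and Failure,,3
,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success,,1
,,Option:CrashOnAuditFail,,Enabled,,1
,,RegistryGlobalSacl,,,,S:(AU;SA;FA;;;WD)
"""

# Hypothetical baseline: subcategory GUID -> (success required, failure required).
BASELINE = {
    "{0CCE922B-69AE-11D9-BED3-505054503030}": (True, True),   # Process Creation
    "{0CCE9215-69AE-11D9-BED3-505054503030}": (True, True),   # Logon
    "{0CCE9210-69AE-11D9-BED3-505054503030}": (True, False),  # Security State Change
}

def parse_subcategories(text):
    """Map upper-cased subcategory GUID -> (name, audits success, audits failure)."""
    found = {}
    for row in csv.DictReader(io.StringIO(text)):
        guid = (row["Subcategory GUID"] or "").strip().upper()
        if not guid:
            continue  # audit option and global SACL rows carry no GUID
        inclusion = row["Inclusion Setting"] or ""
        found[guid] = (row["Subcategory"], "Success" in inclusion, "Failure" in inclusion)
    return found

def audit_gaps(text, baseline=BASELINE):
    """Return sorted (guid, problem) pairs where the policy is weaker than the baseline."""
    found = parse_subcategories(text)
    gaps = []
    for guid, (need_success, need_failure) in baseline.items():
        if guid not in found:
            gaps.append((guid, "missing from policy"))
            continue
        _, has_success, has_failure = found[guid]
        checks = (("success", need_success, has_success), ("failure", need_failure, has_failure))
        missing = [name for name, need, has in checks if need and not has]
        if missing:
            gaps.append((guid, "not auditing " + " and ".join(missing)))
    return sorted(gaps)

if __name__ == "__main__":
    for guid, problem in audit_gaps(SAMPLE_CSV):
        print(guid, problem)
```
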


Download files

Files for auditpol, version 1.1.0:

auditpol-1.1.0-py3-none-any.whl (12.2 kB), file type Wheel, Python version py3
auditpol-1.1.0.tar.gz (5.7 kB), file type Source
