Skip to main content

Windows Audit Policy parser and emitter for Python

Project description


GitHub Workflow Status (branch) PyPI GitHub

The auditpol module allows you to easily parse and create Windows Audit Policy CSV files in Python.


To install the auditpol module via pip, run the command:

$ pip install auditpol


Start by importing the auditpol module.

>>> import auditpol

The function auditpol.load, loads an audit policy CSV file.

>>> with open('example.csv', 'r') as file:
...     auditpol.load(file)

In addition to loading an existing audit policy, policies created using the relevant subcategory settings, audit options or global object access audit settings can be dumped to a CSV file using the auditpol.dump function.

>>> with open('example.csv', 'w') as file:
...     auditpol.dump(policy, file)


To create a system subcategory setting as part of an audit policy, a auditpol.subcategories.Subcategory and a auditpol.settings.SettingValue must be created.

This can then be used to create a auditpol.settings.SubcategorySetting.

>>> from auditpol.subcategories import Subcategory
>>> from auditpol.settings import SettingValue, SubcategorySetting

>>> subcategory = Subcategory(
...     id='{0CCE922B-69AE-11D9-BED3-505054503030}',
...     name='Process Creation'
... )

>>> inclusion_setting = SettingValue(
...     success=True,
...     failure=True
... )

>>> subcategory_setting = SubcategorySetting(
...     subcategory=subcategory,
...     inclusion_setting=inclusion_setting
... )


To create an audit option as part of an audit policy, a auditpol.settings.OptionValue must be created.

This can then be used to create a auditpol.settings.AuditOption.

>>> from auditpol.settings import OptionValue, AuditOption

>>> value = OptionValue(
...     enabled=True
... )

>>> audit_option = AuditOption(
...     type='CrashOnAuditFail'
...     value=value
... )


To create a global object access audit setting, a auditpol.settings.GlobalObjectAccessAuditSetting must be created.

>>> from auditpol.settings import GlobalObjectAccessAuditSetting

>>> global_object_access_audit_setting = GlobalObjectAccessAuditSetting(
...     type='RegistryGlobalSacl'
...     sacl='S:(AU;SA;FA;;;WD)'
... )


To create an audit policy one or more subcategory settings, audit options or global object access audit settings must be created as described above.

These settings can then be used to create an auditpol.policy.AuditPolicy.

>>> from auditpol.policy import AuditPolicy

>>> policy = AuditPolicy(
...     settings=[
...         subcategory_setting,
...         audit_option,
...         global_object_access_audit_setting
...     ]
... )

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auditpol-1.1.0.tar.gz (5.7 kB view hashes)

Uploaded source

Built Distribution

auditpol-1.1.0-py3-none-any.whl (12.2 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page