{"id":716,"date":"2023-04-19T00:16:50","date_gmt":"2023-04-18T23:16:50","guid":{"rendered":"https:\/\/www.seven-stones.biz\/blog\/?p=716"},"modified":"2023-06-01T19:42:12","modified_gmt":"2023-06-01T18:42:12","slug":"auditpolcis-automating-windows-siem-cis-benchmarks-testing","status":"publish","type":"post","link":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/","title":{"rendered":"AuditpolCIS &#8211; Automating Windows SIEM CIS Benchmarks Testing"},"content":{"rendered":"\n<p>In the <a href=\"https:\/\/www.seven-stones.biz\/blog\/windows-siem-optimizing-events-volume-with-cis-benchmarks-and-auditpolcis\/\" target=\"_blank\" rel=\"noreferrer noopener\">previous post on the subject of Windows SIEM<\/a>, we covered the CIS benchmarks for Windows Auditing Policy in a spreadsheet, which was provided freely (really, actually free). <\/p>\n\n\n\n<p>This week we introduce a python open source tool we have developed, to automate the CIS Benchmark testing. 
<\/p>\n\n\n\n<p class=\"wp-block-heading\" style=\"background-color:#303030;font-size:25px;margin-top:25px\"><a href=\"https:\/\/github.com\/SevenStones\/auditpolCIS\" target=\"_blank\" rel=\"noreferrer noopener\">Download AuditpolCIS<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1082\" height=\"794\" src=\"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png\" alt=\"\" class=\"wp-image-718\"\/><\/a><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:21px\">Meeting Regulatory \/ Compliance \/ Audit Requirements<\/h2>\n\n\n\n<p>Because AuditpolCIS is based on CIS Benchmarks, its automated assessment results help in meeting audit requirements for a number of programs, not least <a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">PCI-DSS<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Audit account logon events: Helps in monitoring and logging all attempts to authenticate user credentials (PCI-DSS Requirement 10.2.4).<\/li>\n\n\n\n<li>Audit object access: Monitors access to objects like files, folders, and registry keys that store cardholder data (PCI-DSS Requirement 10.2.1).<\/li>\n\n\n\n<li>Audit privilege use: Logs any event where a user exercises a user right or privilege (PCI-DSS Requirement 10.2.2).<\/li>\n\n\n\n<li>Local log file sizes and retention policies are useful in assessing compliance with e.g. 
5.3.4 and 10.5.1 requirements (PCI-DSS 4). In the script output, there should be a block of text on these after the audit policy results.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:21px\">Usage \/ Setup<\/h2>\n\n\n\n<p>First you will need to set up a Python Virtual Environment. Ensure that you have Python installed on your system (Python 3.10 was used in development). If not, download and install Python from the official website: <a href=\"https:\/\/www.python.org\/downloads\/\">https:\/\/www.python.org\/downloads\/<\/a><\/p>\n\n\n\n<p>Open a Command Prompt or terminal window and navigate to the folder where you extracted the AuditpolCIS project.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Run the following command to create a new virtual environment:<\/p>\n\n\n\n<pre id=\"block-42689356-251f-41a6-84b5-87caf7992408\" class=\"wp-block-code\"><code>python -m venv venv<\/code><\/pre>\n\n\n\n<p>Activate the virtual environment by running:<\/p>\n\n\n\n<p>For Windows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>venv\\Scripts\\activate<\/code><\/pre>\n\n\n\n<p>For macOS\/Linux:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>source venv\/bin\/activate<\/code><\/pre>\n\n\n\n<p>Install the required Python packages from the <code>requirements.txt<\/code> file by running:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pip install -r requirements.txt<\/code><\/pre>\n\n\n\n<p>You will need a .env file in your project root. The contents relate to the target you wish to test:<\/p>\n\n\n\n<p><code>HOSTNAME='&lt;Windows box IP address or host name&gt;'<br>USERNAME='&lt;Windows user account name&gt;'<br>PASSWORD='&lt;account password&gt;'<\/code><br><br><\/p>\n\n\n\n<p>Make sure to assign the right ownership and permissions on .env. Usually the permissions will be 600. 
<\/p>\n\n\n\n<p>Once the virtualenv is enabled, you can run the code:<\/p>\n\n\n\n<p>.\/<a href=\"https:\/\/github.com\/SevenStones\/auditpolCIS\/blob\/master\/auditpolcis.py\">auditpolcis.py<\/a><br><\/p>\n\n\n\n<p><br>Feel free to branch or submit a PR.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:21px\">Additional Points<\/h2>\n\n\n\n<p><a href=\"https:\/\/learn.cisecurity.org\/benchmarks\" target=\"_blank\" rel=\"noreferrer noopener\">The CIS benchmarks are based on Windows 2019 Server <\/a>but they apply to other target variants on a Windows theme. I know none of you will have EOL Windows versions. &lt;Sarcasm engaged&gt;I mean, in 22 years of consulting, I&#8217;ve never seen any out-of-support warez in critical business usage&lt;\/Sarcasm engaged&gt;.<\/p>\n\n\n\n<p>PowerShell is not required on the target but use of PowerShell is also not a crime. Yes, that was a security person who said that.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sustainability \/ Use of Regex<\/h2>\n\n\n\n<p>I had to use some fairly snazzy regex to pull out Categories (<code>category_pattern = r'^(\\w+.*?)(\\r)?$'<\/code>) and Subcategories (<code>subcategory_pattern = r'^( {2})([^ ]+.*?)(?=\\s{3,})(.*\\S)'<\/code>) from the auditpol command output. I did look at more sustainable ways of achieving the same goal, although admittedly I didn&#8217;t spend much time doing that. One thing has been clear for a long time with Windows &#8211; don&#8217;t go looking for registry keys because that can be very painful. Not only is documentation for a key location somewhat thin and erroneous, the key location also often changes across Windows versions. <a href=\"https:\/\/chat.openai.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">ChatGPT<\/a>&#8217;s lack of knowledge of Windows reg keys bears testimony to the previous comments. 
<\/p>\n\n\n\n<p>So there are two sources of Subcategory names &#8211; there is cis-benchmarks.yaml and there is the output of the <code>auditpol \/get \/category:*<\/code> command. If there are entries in the YAML file which are not in the auditpol output, they are flagged in the script output, and vice versa. So if you make spelling mistakes in the Excel sheet or YAML file, they will be flagged. It can also happen that auditpol output subcategories do not reflect the CIS Benchmarks subcategories, perhaps with different Windows versions as targets. Any of these categories will be flagged by the script and listed below the pass\/fail results.<\/p>\n\n\n\n<p>If you want to change the verdicts or [Sub]Category names, you are of course free to do so. You can edit the cis-benchmarks.yaml file, or edit the included spreadsheet, followed by running the included genyaml.py. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Connection Method<\/h2>\n\n\n\n<p>The script works over SSH because other types of connection are a pain in the derriere and require you to radically increase your attack surface area, but if there&#8217;s a request for e.g. WinRM, please do let me know, or send a <a href=\"https:\/\/docs.github.com\/en\/pull-requests\/collaborating-with-pull-requests\/proposing-changes-to-your-work-with-pull-requests\/about-pull-requests\" target=\"_blank\" rel=\"noreferrer noopener\">Pull Request<\/a>. <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-server\/administration\/openssh\/openssh_install_firstuse?tabs=powershell\" target=\"_blank\" rel=\"noreferrer noopener\">Follow this link for more information about enabling the built-in SSH for Windows<\/a>. <\/p>\n\n\n\n<p>I know use of <code>AutoAddPolicy<\/code> with Paramiko in Python is not good form, but I also assume that, as an admin in the position of someone who performs daily tasks using administrative rights, you know your hosts. 
Sometimes security people do get in the way of progress, when there are low-risk issues afoot. Use of <code>RejectPolicy<\/code> instead of auto-add would be one such case.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Tests Rationalisation<\/h2>\n\n\n\n<p>Some of the tests included are not CIS Benchmarks (out of 59 tests, 32 are CIS Benchmarks, whereas 27 are not). It&#8217;s not clear why the subcategories were omitted by CIS but anyway &#8211; in these cases we have made an assessment based on the logging event volume for each subcategory, versus the security value of the subcategory. Most of these are just noise, and in many cases, very high volume noise, so we have advised &#8220;No Auditing&#8221;.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Customising Test Criteria<\/h2>\n\n\n\n<p>The testing template is the YAML file cis-benchmarks.yaml. If you prefer to make changes to the testing template with Excel, the sheet is <strong>CIS-Audit-Reqs-Windows2019Server.xlsx<\/strong> <a href=\"https:\/\/github.com\/SevenStones\/auditpolCIS\/blob\/master\/CIS-Audit-Reqs-Windows2019Server.xlsx\" target=\"_blank\" rel=\"noreferrer noopener\">in the code root<\/a>. You can then use the Python script <a href=\"https:\/\/github.com\/SevenStones\/auditpolCIS\/blob\/master\/genyaml.py\">genyaml.py<\/a> to generate a new YAML file (you will need to use the right <a href=\"https:\/\/docs.python.org\/3\/library\/venv.html\" target=\"_blank\" rel=\"noreferrer noopener\">virtualenv<\/a>, see above for usage instructions).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the previous post on the subject of Windows SIEM, we covered the CIS benchmarks for Windows Auditing Policy in a spreadsheet, which was provided freely (really, actually free). 
This week we introduce a python open source tool we have &hellip; <a href=\"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,65,204,138,176,101,68,23,224,235,234],"tags":[86,142,157,238,225],"class_list":["post-716","post","type-post","status-publish","format-standard","hentry","category-blog","category-cis-benchmarks","category-logging","category-python","category-security-testing","category-security-tools","category-siem","category-tools","category-windows","category-windows-2019-server","category-windows-audit-policy","tag-cis-benchmarks","tag-python","tag-siem","tag-testing-tools","tag-windows"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security Macromorphosis<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security Macromorphosis\" \/>\n<meta property=\"og:description\" content=\"In the previous post on the subject of Windows SIEM, we covered the CIS benchmarks for Windows Auditing Policy in a spreadsheet, which was provided freely (really, actually free). 
This week we introduce a python open source tool we have &hellip; Continue reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Macromorphosis\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-18T23:16:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-01T18:42:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png\" \/>\n<meta name=\"author\" content=\"itibble@gmail.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:site\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"itibble@gmail.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/\"},\"author\":{\"name\":\"itibble@gmail.com\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"headline\":\"AuditpolCIS &#8211; Automating Windows SIEM CIS Benchmarks Testing\",\"datePublished\":\"2023-04-18T23:16:50+00:00\",\"dateModified\":\"2023-06-01T18:42:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/\"},\"wordCount\":918,\"commentCount\":2,\"image\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/auditpolcis-screen.png\",\"keywords\":[\"CIS Benchmarks\",\"python\",\"SIEM\",\"testing tools\",\"Windows\"],\"articleSection\":[\"Blog\",\"CIS Benchmarks\",\"Logging\",\"Python\",\"Security testing\",\"security tools\",\"SIEM\",\"Tools\",\"Windows\",\"Windows 2019 Server\",\"Windows Audit 
Policy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/\",\"name\":\"AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security Macromorphosis\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/auditpolcis-screen.png\",\"datePublished\":\"2023-04-18T23:16:50+00:00\",\"dateModified\":\"2023-06-01T18:42:12+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/auditpolcis-screen.png\",\"contentUrl\":\"https:\
\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/auditpolcis-screen.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AuditpolCIS &#8211; Automating Windows SIEM CIS Benchmarks Testing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\",\"name\":\"Security Macromorphosis\",\"description\":\"Ian Tibble&#039;s Security Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\",\"name\":\"itibble@gmail.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"caption\":\"itibble@gmail.com\"},\"description\":\"Author of Security De-engineering, CTO at Seven Stones (Indonesia)\",\"sameAs\":[\"http:\\\/\\\/www.seven-stones.biz\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security Macromorphosis","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/","og_locale":"en_US","og_type":"article","og_title":"AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security Macromorphosis","og_description":"In the previous post on the subject of Windows SIEM, we covered the CIS benchmarks for Windows Auditing Policy in a spreadsheet, which was provided freely (really, actually free). This week we introduce a python open source tool we have &hellip; Continue reading &rarr;","og_url":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/","og_site_name":"Security Macromorphosis","article_published_time":"2023-04-18T23:16:50+00:00","article_modified_time":"2023-06-01T18:42:12+00:00","og_image":[{"url":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png","type":"","width":"","height":""}],"author":"itibble@gmail.com","twitter_card":"summary_large_image","twitter_creator":"@seven_stones","twitter_site":"@seven_stones","twitter_misc":{"Written by":"itibble@gmail.com","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#article","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/"},"author":{"name":"itibble@gmail.com","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"headline":"AuditpolCIS &#8211; Automating Windows SIEM CIS Benchmarks Testing","datePublished":"2023-04-18T23:16:50+00:00","dateModified":"2023-06-01T18:42:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/"},"wordCount":918,"commentCount":2,"image":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png","keywords":["CIS Benchmarks","python","SIEM","testing tools","Windows"],"articleSection":["Blog","CIS Benchmarks","Logging","Python","Security testing","security tools","SIEM","Tools","Windows","Windows 2019 Server","Windows Audit Policy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/","url":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/","name":"AuditpolCIS - Automating Windows SIEM CIS Benchmarks Testing - Security 
Macromorphosis","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#primaryimage"},"image":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png","datePublished":"2023-04-18T23:16:50+00:00","dateModified":"2023-06-01T18:42:12+00:00","author":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"breadcrumb":{"@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#primaryimage","url":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png","contentUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/auditpolcis-screen.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.seven-stones.biz\/blog\/auditpolcis-automating-windows-siem-cis-benchmarks-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.seven-stones.biz\/blog\/"},{"@type":"ListItem","position":2,"name":"AuditpolCIS &#8211; Automating Windows SIEM CIS Benchmarks Testing"}]},{"@type":"WebSite","@id":"https:\/\/www.seven-stones.biz\/blog\/#website","url":"https:\/\/www.seven-stones.biz\/blog\/","name":"Security Macromorphosis","description":"Ian Tibble&#039;s Security 
Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.seven-stones.biz\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28","name":"itibble@gmail.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","caption":"itibble@gmail.com"},"description":"Author of Security De-engineering, CTO at Seven Stones (Indonesia)","sameAs":["http:\/\/www.seven-stones.biz"]}]}},"_links":{"self":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/comments?post=716"}],"version-history":[{"count":21,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/716\/revisions"}],"predecessor-version":[{"id":754,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/716\/revisions\/754"}],"wp:attachment":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/media?parent=716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-j
son\/wp\/v2\/categories?post=716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/tags?post=716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}