
Commit 055dd5d

committed
update
1 parent 5f2b515 commit 055dd5d


1 file changed

+4
-1
lines changed


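--- a/config/WELA.ps1
+++ b/config/WELA.ps1
@@ -73,14 +73,17 @@ $unusablePercentages = $unusableCounts | ForEach-Object {
 }
 
 # Step 6: Generate the required outputtotal
+$customOrder = @("critical", "high", "medium", "low", "informational")
 Write-Output "Checking event log audit settings. Please wait."
 Write-Output ""
 Write-Output "Detection rules that can be used on this system versus total possible rules:"
+$usablePercentages = $usablePercentages | Sort-Object { $customOrder.IndexOf($_.Level) }
 $usablePercentages | ForEach-Object {
 Write-Output "$($_.Level) rules: $($_.UsableCount) / $($_.TotalCount) ($($_.Percentage)%)"
 }
 Write-Output ""
 Write-Output "Detection rules that cannot be used on this system:"
+$unusablePercentages = $unusablePercentages | Sort-Object { $customOrder.IndexOf($_.Level) }
 $unusablePercentages | ForEach-Object {
 Write-Output "$($_.Level) rules: $($_.UnusableCount) / $($_.TotalCount) ($($_.Percentage)%)"
 }
@@ -91,7 +94,7 @@ Write-Output ""
 $totalUsable = ($usablePercentages | Measure-Object -Property UsableCount -Sum).Sum
 $totalRulesCount = ($totalCounts | Measure-Object -Property Count -Sum).Sum
 $utilizationPercentage = "{0:N2}" -f (($totalUsable / $totalRulesCount) * 100)
-Write-Output "You can only utilize $utilizationPercentage% of your Security detection rules."
+Write-Output "You can utilize $utilizationPercentage% of your detection rules."
 
 # Step 7: Save the lists of usable and unusable rules to CSV files
 $usableRules | Select-Object title, level, id | Export-Csv -Path "UsableRules.csv" -NoTypeInformation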
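Review bot: The sort key `$customOrder.IndexOf($_.Level)` added at new lines 80 and 86 returns -1 for any level that is not an exact, case-sensitive match in `$customOrder`, so a row with an unexpected or differently cased level would be listed ahead of `critical` in the coverage report. How `Level` is populated lies outside this hunk, so this may never occur with the current rule set, but the guard is cheap: `Sort-Object { $i = [array]::IndexOf($customOrder, "$($_.Level)".ToLower()); if ($i -lt 0) { $customOrder.Count } else { $i } }`. Because the same script block appears twice, it could be assigned once to a variable next to `$customOrder` and reused for both lists.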
