Windows audit policies
auditpol MQL resource for querying Operating System infrastructure with cnquery and cnspec.
Use MQL in cnspec shell or policy:
`auditpol`
Min version: 5.15.0
Fields (2)
| Field | Type | Description |
|---|---|---|
| entry | auditpol.entry | Windows audit policy |
| list | []auditpol.entry | - |
auditd (Linux Audit Daemon) rule for a syscall
e.g. `-a always,exit -F arch=b32 -F auid>=1000 -F auid!=unset` => `( action: "always", list: "exit", syscalls: [], field_entries: [ key="arch" op="=" value="b32" key="auid" op=">=" value="1000" key="auid" op="!=" value="unset" ], keyname: nil, )`
Windows audit policy
auditpol.entry MQL resource for querying Operating System infrastructure with cnquery and cnspec.