:py:mod:`dissect.target.plugins.os.windows.regf.auditpol`
=========================================================

.. py:module:: dissect.target.plugins.os.windows.regf.auditpol


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.auditpol.AuditpolPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.auditpol.c_adtev
   dissect.target.plugins.os.windows.regf.auditpol.POLICY_CATEGORIES
   dissect.target.plugins.os.windows.regf.auditpol.POLICY_MAP
   dissect.target.plugins.os.windows.regf.auditpol.POLICY_VALUES
   dissect.target.plugins.os.windows.regf.auditpol.AuditPolicyRecord


.. py:data:: c_adtev

.. py:data:: POLICY_CATEGORIES
   :value: ['System', 'Logon/Logoff', 'Object Access', 'Privilege Use', 'Detailed Tracking', 'Policy...

.. py:data:: POLICY_MAP

.. py:data:: POLICY_VALUES

.. py:data:: AuditPolicyRecord

.. py:class:: AuditpolPlugin(target: dissect.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Plugin that parses audit policy settings from the registry.

   .. py:attribute:: KEY
      :value: 'HKLM\\SECURITY\\Policy\\PolAdtEv'

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the
      current target (``self.target``). For example, check if a certain file
      exists. Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: auditpol()

      Return audit policy settings from the registry.

      On Windows, the audit policy settings are stored in the
      ``HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv`` registry key. It records,
      for each possible audit event, whether that event is logged.

      .. rubric:: References

      - https://countuponsecurity.com/tag/poladtev/