dissect.target.plugins.os.windows.regf.auditpol
Module Contents
Classes
AuditpolPlugin: Plugin that parses audit policy settings from the registry.
Attributes
- dissect.target.plugins.os.windows.regf.auditpol.c_adtev
- dissect.target.plugins.os.windows.regf.auditpol.POLICY_CATEGORIES = ['System', 'Logon/Logoff', 'Object Access', 'Privilege Use', 'Detailed Tracking', 'Policy...
- dissect.target.plugins.os.windows.regf.auditpol.POLICY_MAP
- dissect.target.plugins.os.windows.regf.auditpol.POLICY_VALUES
- dissect.target.plugins.os.windows.regf.auditpol.AuditPolicyRecord
- class dissect.target.plugins.os.windows.regf.auditpol.AuditpolPlugin(target: dissect.target.Target)
Bases: dissect.target.plugin.Plugin
Plugin that parses audit policy settings from the registry.
- KEY = 'HKLM\\SECURITY\\Policy\\PolAdtEv'
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- auditpol()
Return audit policy settings from the registry.
For Windows, the audit policy settings are stored in the HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv registry key. It shows, for each possible audit event, whether it is logged.