{"id":37521863,"url":"https://github.com/akunzai/windows-secure-auditor","last_synced_at":"2026-01-16T08:18:18.423Z","repository":{"id":65238496,"uuid":"581783370","full_name":"akunzai/windows-secure-auditor","owner":"akunzai","description":"PowerShell script to generate daily audit report, like Logwatch for Windows","archived":false,"fork":false,"pushed_at":"2025-09-01T11:13:46.000Z","size":197,"stargazers_count":25,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-09T01:59:52.630Z","etag":null,"topics":["audit","iso27001","logwatch","powershell","security","windows"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/akunzai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-12-24T10:13:22.000Z","updated_at":"2025-09-01T11:13:48.000Z","dependencies_parsed_at":"2024-04-01T14:46:17.872Z","dependency_job_id":null,"html_url":"https://github.com/akunzai/windows-secure-auditor","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/akunzai/windows-secure-auditor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akunzai%2Fwindows-secure-auditor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akunzai%2Fwindows-secure-auditor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akunzai%2Fwindows-secure-auditor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akunzai%2Fwindows-
secure-auditor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/akunzai","download_url":"https://codeload.github.com/akunzai/windows-secure-auditor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akunzai%2Fwindows-secure-auditor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","iso27001","logwatch","powershell","security","windows"],"created_at":"2026-01-16T08:18:17.696Z","updated_at":"2026-01-16T08:18:18.407Z","avatar_url":"https://github.com/akunzai.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Windows Secure Auditor\n\n\u003e PowerShell script to generate daily audit report, like [Logwatch](https://sourceforge.net/projects/logwatch/) for Windows\n\n## Translations\n\n- [繁體中文](./README.zh-TW.md)\n\n## Requirements\n\n- PowerShell \u003e= 5.1\n- Windows Server 2016 or newer\n\n## Features\n\n- Output as Markdown\n- [Localization](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_script_internationalization)\n- Extensible [rules](./rules/)\n- Overridable 
[settings](./SecureAuditor.ini)\n\n## Installation\n\n\u003e [git](https://git-scm.com/downloads) is required\n\n```powershell\n# Use git to clone this repo\ngit clone https://github.com/akunzai/windows-secure-auditor.git\n\n# Enter the directory\ncd windows-secure-auditor\n\n# In the future, you can update to the latest version through `git pull`\ngit pull\n```\n\n## Usage\n\n\u003e See more sample usage in [examples](./examples/)\n\n```powershell\n# run this script\n.\\SecureAuditor.ps1\n\n# run this script with verbose messages\n. .\\SecureAuditor.ps1 -Verbose\n```\n\n\u003e The corresponding configuration of `SecureAuditor.ini` can be overridden by creating `SecureAuditor.local.ini` in the project directory\n\nSample output\n\n````markdown\n# Windows Secure Auditor: 1.2.1\n\n## System Information\n\n- Hostname: DEMO\n- TimeZone: (UTC+08:00) Taipei\n- DateTime: 2023-01-04T00:00:00\n- Culture: en-US\n- UI Culture: en-US\n- OS: Microsoft Windows Server 2019 Datacenter - 10.0.17763\n- UpTime: 240.00 Hour(s)\n- PowerShell Version: 7.3.2\n- .NET CLR Version: 7.0.2\n\n## Antivirus\n\n- [x] Installed: Microsoft Defender 4.18.2211.5\n- [x] Updated Status: 2023-01-03T09:30:00+08:00 - 1.381.1994.0\n\n## Disk Space\n\n- [x] C | Used: 18.89 GB | Free: 107.56 GB | Usage: 14.94% \u003c= 90%\n- [x] D | Used: 1.04 GB | Free: 6.96 GB | Usage: 13.03% \u003c= 90%\n\n## File Integrity Monitoring\n\n### Added\n\n- D:\\Backup\\website.2023-01-03.zip\n\n### Deleted\n\n- D:\\Backup\\website.2022-12-26.zip\n\n### Modified\n\n- D:\\WebSites\\example.com\\web.config\n  - Last Modified: 2023-01-02T16:00:00Z =\u003e 2023-01-3T16:00:00Z\n  - Size(Bytes): 128 =\u003e 129\n  - Hash(SHA256): EDEAAFF3F1774AD2888673770C6D64097E391BC362D7D6FB34982DDF0EFD18CB =\u003e E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855\n\n## Network Time Protocol\n\n- [x] Windows Time service started\n- [x] NTP source: time.windows.com,0x8\n\n```log\nLeap Indicator: 0(no warning)\nStratum: 4 (secondary 
reference - syncd by (S)NTP)\nPrecision: -23 (119.209ns per tick)\nRoot Delay: 0.0037284s\nRoot Dispersion: 0.0346264s\nReferenceId: 0x142B5EC7 (source IP:  127.0.0.3)\nLast Successful Sync Time: 1/3/2023 23:59:39 PM\nSource: time.windows.com,0x8\nPoll Interval: 6 (64s)\n```\n\n## Password Policy\n\n- [x] Minimum password age(days): 1 \u003e= 1\n- [x] Maximum password age(days): 90 \u003c= 90\n- [x] Minimum password length: 12 \u003e= 12\n- [x] Password history size: 3 \u003e= 3\n\n## Pending Windows Update\n\n- [ ] Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.381.1969.0)\n\n## Failed HTTP Requests\n\n- Status code: 500\n  - `/api/search?q=test`: 1 Time(s)\n- Status code: 404\n  - `/favicon.ico`: 2 Time(s)\n  - `/robots.txt`: 1 Time(s)\n\n## Default Account\n\n- [x] Administrator: not found\n- [x] Guest: disabled\n\n## Idle Account\n\n- [ ] alice: last logon at 2021-01-01T09:10:00+08:00\n\n## Password Expires\n\n- [ ] WDeployAdmin: password never expires\n- [ ] tom: last set at 2022-06-03T21:10:00+08:00 \u003e 90 days\n\n## Event Logs\n\n- Level: Error | Event ID: 2004\n  - LogName: Application\n  - Source: Microsoft-Windows-PerfNet\n  - Count: 1\n\n```log\nUnable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.\n```\n\n- Level: Error | Event ID: 36874\n  - LogName: System\n  - Source: Schannel\n  - Count: 25\n\n```log\nAn TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. 
The TLS connection request has failed.\n```\n\n## Login\n\n- bob: login success\n  - 127.0.0.2: 7 Time(s)\n- bob: login failed\n  - 127.0.0.3: 1 Time(s)\n\n## Shutdown\n\n- 2023-01-03T08:30:00+08:00 | The system has rebooted without cleanly shutting down first.\n- 2023-01-03T23:00:00+08:00 | The process C:\\Windows\\system32\\svchost.exe (DEMO) has initiated the restart of computer DEMO on behalf of user NT AUTHORITY\\SYSTEM for the following reason: Operating System: Service pack (Planned)\n  Reason Code: 0x80020010\n  Shutdown Type: restart\n  Comment:\n\n## Software Installation\n\n- Product: windows_exporter -- Installation completed successfully.\n- Product: Bonjour -- Removal completed successfully.\n\n## User Account Management\n\n- 2023-01-03T21:20:00+08:00 | `bob` delete `john`\n- 2023-01-03T21:10:00+08:00 | `bob` create `john`\n````\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakunzai%2Fwindows-secure-auditor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fakunzai%2Fwindows-secure-auditor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakunzai%2Fwindows-secure-auditor/lists"}