auditpol

$ target-query <path/to/target> -f auditpol
Details

Module

os.windows.regf.auditpol.AuditpolPlugin

Output

records

Module documentation

Plugin that parses audit policy settings from the registry.

Function documentation

Return audit policy settings from the registry.

On Windows, the audit policy settings are stored in the HKEY_LOCAL_MACHINE\Security\Policy\PolAdtEv registry key. For each possible audit event, the output shows whether that event is logged.

References: