
Description: Query the Windows registry for the existence of the auditing key, to see whether the ‘ProcessCreationIncludeCmdLine_Enabled’ value under it is enabled.
SQL:
SELECT * FROM registry
WHERE key='HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit';
Operating Systems: Windows Only
Reference:
#audit #compliance
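
The query above returns every value under the Audit key, and returns nothing at all when the key is absent. The following variant is an added example, not part of the original entry: it narrows the result to the one value named in the description and always returns a single row, so a missing setting is reported rather than silently dropped. It assumes osquery renders the REG_DWORD data as the text '1' when the policy is enabled.

```sql
-- Added example (not from the original entry).
-- An aggregate without GROUP BY yields exactly one row even when no
-- registry row matches, so "value absent" shows up as 'not set'.
SELECT
  'ProcessCreationIncludeCmdLine_Enabled' AS setting,
  COALESCE(MAX(data), 'not set') AS data,
  CASE
    WHEN MAX(data) = '1' THEN 'enabled'   -- assumption: DWORD 1 is rendered as '1'
    ELSE 'not enabled'
  END AS status
FROM registry
WHERE key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
  AND name = 'ProcessCreationIncludeCmdLine_Enabled';
```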