AD control configuration with SCA


doc dodo

Jan 19, 2026, 8:43:28 AM (3 days ago) Jan 19
to Wazuh | Mailing List
Hello, 
I want to control the Active Directory configuration with a custom SCA. I tried adding different commands to the configuration, for example:

```
c:powershell secedit /export; (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count -> n:(\d+) compare == 3
```

It looks like the Wazuh agent doesn't have enough permissions to run the command. How can I accomplish this task?

John Adewale Olatunde

Jan 19, 2026, 9:20:16 AM (3 days ago) Jan 19
to Wazuh | Mailing List
Hello Doc Dodo

I see you are using an SCA check that runs a PowerShell command relying on the Active Directory module. Please verify that the AD module (RSAT) is installed and available on the endpoint. You can also run the command manually on the endpoint to confirm it executes correctly and returns the expected output.

You can check whether the Active Directory PowerShell module is installed and available on the endpoint using this command:

```
Get-Module -ListAvailable ActiveDirectory
```

If the module is installed, this command will return details about the ActiveDirectory module. If it returns nothing, the module is not installed.

doc dodo

Jan 20, 2026, 1:23:49 AM (2 days ago) Jan 20
to Wazuh | Mailing List
Hello,

When I run the command manually on the endpoint it works successfully (Screenshot-1.jpg).
The Active Directory PowerShell module is installed (Screenshot-2.jpg).
The AD module (RSAT) is installed too (Screenshot-3.jpg).
But SCA reports an error (Screenshot-4.jpg).

Is there anything else that might be missing to run the command?
Monday, January 19, 2026 at 17:20:16 UTC+3, John Adewale Olatunde:

John Adewale Olatunde

Jan 20, 2026, 8:03:10 AM (2 days ago) Jan 20
to Wazuh | Mailing List
Hello Doc

Kindly share the SCA policy file and the result you get when you run the command manually. This will help in troubleshooting the issue. 

doc dodo

Jan 20, 2026, 9:31:00 AM (2 days ago) Jan 20
to Wazuh | Mailing List
Hello,

Ok, here is my SCA policy:

```
policy:
  id: "windows-standart"
  file: "custom_sca_windows-standart.yml"
  name: "windows startart configuration"
  description: "This document provides prescriptive guidance for establishing a secure configuration Windows servers."
  references:
    - https://sharepoint.com

checks:

  - id: 330514
    title: "Ensure AD DomainAdmins members."
    description: "AD DomainAdmins members."
    remediation: "Change list DomainAdmins."
    condition: all
    rules:
      - 'c: powershell secedit /export; (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count  -> n:(\d+) compare == 3'
```


And the result of the command:

```
PS C:\Windows\system32> powershell secedit; (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count
The syntax of this command is:
secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]
3
```

Tuesday, January 20, 2026 at 16:03:10 UTC+3, John Adewale Olatunde:

John Adewale Olatunde

Jan 20, 2026, 1:09:49 PM (2 days ago) Jan 20
to Wazuh | Mailing List
Kindly give me some time, let me take a look at this

John Adewale Olatunde

Jan 20, 2026, 8:50:03 PM (2 days ago) Jan 20
to Wazuh | Mailing List
Since you need to compare the result, I advise you adapt the command to print the required value. The previous command you used shows some error in the output, which may prevent the regex from working correctly. For example, on my endpoint, the result is 1 instead of 3, so I used this command

```
powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count
```

The SCA policy is this:
```
policy:
  id: "windows-standard"
  file: "custom_sca_windows-standart.yml"
  name: "windows startard configuration"

  description: "This document provides prescriptive guidance for establishing a secure configuration Windows servers."
  references:
    - https://sharepoint.com

checks:

  - id: 330514
    title: "Ensure AD DomainAdmins members."
    description: "AD DomainAdmins members."
    remediation: "Change list DomainAdmins."
    condition: all
    rules:
      - 'c:powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count -> n:(\d+) compare == 1'
```

You can see the result shows as passed on the Wazuh dashboard.

So in your case, you can adapt the command to:
```
 - 'c:powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count -> n:(\d+) compare == 3'
```

John Adewale Olatunde

Jan 20, 2026, 8:52:21 PM (2 days ago) Jan 20
to Wazuh | Mailing List
I also noticed that the command you ran from the endpoint is different from what is in the SCA check. Kindly ensure you update the SCA file with the updated command. 

I hope this helps

doc dodo

Jan 21, 2026, 7:55:45 AM (yesterday) Jan 21
to Wazuh | Mailing List
Thanks. 

I see your screenshot, but with a similar setting I get a fail.
If I run the command in PowerShell:

```
powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count  | Out-File -FilePath > .\list.txt
```

The result is successfully written to the file.
But if I run this command with SCA there is no result in the file.

Wednesday, January 21, 2026 at 04:52:21 UTC+3, John Adewale Olatunde:

John Adewale Olatunde

Jan 21, 2026, 10:26:16 AM (23 hours ago) Jan 21
to Wazuh | Mailing List
Hi Doc,

Is the endpoint OS language set to English? Some checks tend to fail if the OS language is not English. https://github.com/wazuh/wazuh/issues/31294

Also, you can enable debug mode by appending `windows.debug=2` in the "C:\Program Files (x86)\ossec-agent\local_internal_options.conf" file. After enabling debug mode, restart the Wazuh agent, and filter for sca logs in the "C:\Program Files (x86)\ossec-agent\ossec.log" log file by searching for `wm_sca.c`. This will provide more information about the sca check.

Remember to remove the debug setting once you’re done to avoid generating excessive logs.

doc dodo

3:30 AM (6 hours ago) 3:30 AM
to Wazuh | Mailing List
Hello, John.

Yes, OS language is English.

Debug logs show an empty result of the command:

```
2026/01/22 11:11:05 sca[7648] wm_sca.c:1705 at wm_sca_read_command(): DEBUG: Command 'powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count' returned code 1
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(Get-ADGroup : A positional parameter cannot be found that accepts argument ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(Get-ADGroup : A positional parameter cannot be found that accepts argument ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)('Admins'.) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)('Admins'.) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1943 at wm_sca_regex_numeric_comparison(): DEBUG: Captured value: '1'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1960 at wm_sca_regex_numeric_comparison(): DEBUG: Converted value: '1'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1779 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Partial comparison '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1830 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value given for comparison: '3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1860 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value converted: '3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1863 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Operation is '1 == 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1963 at wm_sca_regex_numeric_comparison(): DEBUG: Comparison result '1 == 3' -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(At line:1 char:2) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(At line:1 char:2) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(+ (Get-ADGroup -Identity Domain Admins -Properties Members).Members.Cou ...) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(+ (Get-ADGroup -Identity Domain Admins -Properties Members).Members.Cou ...) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroup], ParameterBin ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroup], ParameterBin ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(   dingException) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(   dingException) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDire ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDire ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(   ctory.Management.Commands.GetADGroup) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(   ctory.Management.Commands.GetADGroup) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)( ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)( ) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1911 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: '(\d+)'. Partial comparison: '== 3'
2026/01/22 11:11:05 sca[7648] wm_sca.c:1926 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex '(\d+)'
2026/01/22 11:11:05 sca[7648] wm_sca.c:2040 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:(\d+) compare == 3)(EMPTY_LINE) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:2043 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:(\d+) compare == 3)(EMPTY_LINE) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1761 at wm_sca_read_command(): DEBUG: Result for (n:(\d+) compare == 3)(powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count) -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1279 at wm_sca_do_scan(): DEBUG: Result for rule 'c:powershell (Get-ADGroup -Identity "Domain Admins" -Properties Members).Members.Count -> n:(\d+) compare == 3': 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1286 at wm_sca_do_scan(): DEBUG: Breaking from rule aggregator 'all' with found = 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:1302 at wm_sca_do_scan(): DEBUG: Result for check id: 330514 'Ensure AD DomainAdmins members.' -> 0
2026/01/22 11:11:05 sca[7648] wm_sca.c:502 at wm_sca_read_files(): DEBUG: Calculating hash for scanned results.
2026/01/22 11:11:05 sca[7648] wm_sca.c:2964 at wm_sca_hash_integrity(): DEBUG: Concatenating check results:
2026/01/22 11:11:05 sca[7648] wm_sca.c:2967 at wm_sca_hash_integrity(): DEBUG: ID: 330514; Result: 'failed'
```

Wednesday, January 21, 2026 at 18:26:16 UTC+3, John Adewale Olatunde:
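An added Python simulation (not Wazuh's code, and not from anyone in this thread) of how the debug log above shows the `n:(\d+) compare == 3` rule being evaluated: the regex is tried against every line of the command output and the rule passes when any line satisfies the comparison, so when the command prints a PowerShell error instead of a count (the log shows the argument arriving as `-Identity Domain Admins` with the quotes gone), the only digit the regex can capture is the `1` from `At line:1 char:2`, which is the `Captured value: '1'` in the log. The sample outputs are constructed from the log lines; the anchored regex `^(\d+)$` is an assumption offered for illustration, and whether the agent's regex engine honours those anchors should be confirmed before using it in a policy.

```python
import operator
import re
from typing import Optional

# Constructed sample, copied from the wm_sca.c debug log in this thread: the
# PowerShell error printed when "Domain Admins" loses its quotes and
# Get-ADGroup receives two positional arguments.
FAILED_OUTPUT = """\
Get-ADGroup : A positional parameter cannot be found that accepts argument
'Admins'.
At line:1 char:2
+ (Get-ADGroup -Identity Domain Admins -Properties Members).Members.Cou ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroup], ParameterBin
   dingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDire
   ctory.Management.Commands.GetADGroup

"""
# Constructed sample of a run that succeeded and printed only the count.
CLEAN_OUTPUT = "3\n"

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       ">": operator.gt, "<=": operator.le, ">=": operator.ge}


def numeric_line_check(line: str, regex: str, comparison: str) -> tuple[Optional[int], bool]:
    """One 'n:<regex> compare <op> <value>' test on a single output line.
    Returns (captured integer or None, whether the comparison held)."""
    match = re.search(regex, line)
    if match is None:
        return None, False
    captured = int(match.group(1))
    op, wanted = comparison.split()
    return captured, OPS[op](captured, int(wanted))


def evaluate_command_rule(output: str, regex: str, comparison: str) -> tuple[bool, list[int]]:
    """Test every output line, as the log shows the agent doing, and pass on the
    first line that satisfies the comparison. Every captured value is returned
    too, so a stray number picked out of an error message is visible."""
    captured_values: list[int] = []
    for line in output.splitlines():
        value, ok = numeric_line_check(line, regex, comparison)
        if value is not None:
            captured_values.append(value)
        if ok:
            return True, captured_values
    return False, captured_values


if __name__ == "__main__":
    for name, out in (("failed", FAILED_OUTPUT), ("clean", CLEAN_OUTPUT)):
        for regex in (r"(\d+)", r"^(\d+)$"):   # loose vs. whole-line anchored
            result, seen = evaluate_command_rule(out, regex, comparison="== 3")
            print(f"{name:6} {regex:8} -> {'passed' if result else 'failed'} captured={seen}")
```

Running it shows the failed output capturing `[1]` with the loose regex and nothing with the anchored one, while the clean output passes with both; in either case the fix is to make the command print only the count, as John advised, so that the regex never sees error text.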