Abstract: A SYSTEM AND A METHOD FOR EXAMINING, ANALYSING, AND ADVISING ON OPERATING SYSTEM DEVICE SECURITY
A system (100) and a method for analysing a report relating to an operating system are disclosed. The system comprises a memory (102), a processor (104), an audit report generation module (106) configured to generate a report relating to the operating system running on a computing device, wherein the report relates to details related to files and folders present on the computing device, and a configuration storage (108) configured to store system configuration, wherein the configuration is configured to analyse the audit report. [Figure 1]
Description:
TECHNICAL FIELD
The present disclosure relates generally to file auditing and more specifically relates to techniques for examining, analyzing, and advising on operating system device security based on audit report generation.
BACKGROUND
[0001] In a system including network, software applications, physical gear and administration, it is important to track parameters relating to such system. The audit comprises assessments of the network, software applications, physical gear, and administration. Consequently, the evaluation process may help a business or organization evaluate its current security posture.
[0002] There are techniques known in the art which disclose techniques for file auditing. For example, reference can be made to US20210174353A1 which discloses performing an electronic audit of an electronic document. Further, reference can be made to US9489523B2 which discloses forcing file access auditing. However, none of the techniques known in the art disclose examining, analyzing and advising on operating system device security based on audit report production.
OBJECTS OF THE INVENTION
[0003] The principal object of the present invention is to provide techniques for examining, analyzing and advising on the audit report of the operating system device.
[0004] Another object of the present invention is to provide techniques for locating and reading configuration of the operating system device.
[0005] Another object of the present invention is to provide techniques for using extra modules to read configurations that are not in the registry in addition to reading registry settings.
SUMMARY OF THE INVENTION
[0006] The system for examining, analyzing, and advising on security of a device using operating system based on audit report production is the subject of the present invention. Windows system hardening is supported by the system. The system is retrieved and assessed using a finding list. Additionally, the system may be made more resilient using predefined parameters. The system uses extra modules to read configurations that are not in the registry in addition to reading registry settings.
[0007] In one embodiment, a system (100) for analysing a report relating to an operating system is disclosed. The system comprises a memory (102), a processor (104), an audit report generation module (106) configured to generate a report relating to the operating system running on a computing device, wherein the report relates to details related to files and folders present on the computing device, and a configuration storage (108) configured to store system configuration, wherein the configuration is configured to analyse the audit report.
[0008] In another embodiment, a method for analyzing a report relating to an operating system is disclosed. The method comprises generating a report relating to the operating system running on a computing device, wherein the report relates to details related to files and folders present on the computing device, and storing system configuration, wherein the configuration is configured to analyze the audit report.
BRIEF DESCRIPTION OF DRAWINGS
[0009] Figure 1 illustrates a system for examining, analyzing, and advising on security of a device using operating system based on audit report production, in accordance with one embodiment of the present invention.
[0010] Figure 2 illustrates a flowchart of a method for examining, analyzing, and advising on security of a device using operating system based on audit report production, in accordance with one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0011] While the present invention is described herein by way of example using embodiments and illustrative drawings, those skilled in the art will recognize that the invention is not limited to the embodiments of drawing or drawings described and are not intended to represent the scale of the various components. Further, some components that may form a part of the invention may not be illustrated in certain figures, for ease of illustration, and such omissions do not limit the embodiments outlined in any way. It should be understood that the drawings and the detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the scope of the present invention as defined by the appended claim.
[0012] As used throughout this description, the word "may" is used in a permissive sense (i.e. meaning having the potential to), rather than the mandatory sense (i.e. meaning must). Further, the words "a" or "an" mean "at least one" and the word "plurality" means "one or more" unless otherwise mentioned. Furthermore, the terminology and phraseology used herein are solely used for descriptive purposes and should not be construed as limiting in scope. Language such as "including," "comprising," "having," "containing," or "involving," and variations thereof, is intended to be broad and encompass the subject matter listed thereafter, equivalents, and additional subject matter not recited, and is not intended to exclude other additives, components, integers, or steps. Likewise, the term "comprising" is considered synonymous with the terms "including" or "containing" for applicable legal purposes. Any discussion of documents, acts, materials, devices, articles, and the like is included in the specification solely for the purpose of providing a context for the present invention. It is not suggested or represented that any or all these matters form part of the prior art base or were common general knowledge in the field relevant to the present invention.
[0013] In this disclosure, whenever a composition or an element or a group of elements is preceded with the transitional phrase "comprising", it is understood that we also contemplate the same composition, element, or group of elements with transitional phrases "consisting of", "consisting", "selected from the group consisting of", "including", or "is" preceding the recitation of the composition, element or group of elements and vice versa.
[0014] The present invention is described hereinafter by various embodiments with reference to the accompanying drawing, wherein reference numerals used in the accompanying drawing correspond to the like elements throughout the description. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiment set forth herein. Rather, the embodiment is provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. In the following detailed description, numeric values and ranges are provided for various aspects of the implementations described. These values and ranges are to be treated as examples only and are not intended to limit the scope of the claims. In addition, several materials are identified as suitable for various facets of the implementations. These materials are to be treated as exemplary and are not intended to limit the scope of the invention.
[0015] Referring to FIG. 1, a system 100 for examining, analyzing and advising on an audit report prepared in an operating system device is disclosed. The system 100 comprises a memory 102, a processor 104, an audit report generation module 106 and a configuration storage 108. In one embodiment, the operating system includes the Windows operating system. The operating system may be installed in a computing device. In one embodiment, the computing device may include a laptop, a computer, a tablet or a mobile phone running the Windows operating system.
[0016] The audit report generation module 106 is configured to generate an audit report for recording events. When conducting Windows network forensics, knowing when, where, and who generated these events may be helpful. Additionally, it could be quite helpful in spotting particular issues, such as erroneous file system permissions assignments. By examining Windows security and system events, Windows auditing can identify steps to enhance security management and lower the risk of unauthorized access and unwanted alterations. Thorough Windows auditing helps businesses stay in compliance with data security standards, spot potential threats (such as unauthorized changes) early on, and reduce the likelihood of a data breach. The audit report generation module 106 defines one or more Windows audit policies that specify which events a user wants to track and what actions are recorded for each of these events. For instance, the audit policy could state that while you shouldn't audit login attempts made on your company's property, you should report any remote access to a Windows PC.
[0017] Events may be tracked using Windows auditing. Knowing who, what, and when these events were created may be helpful when performing Windows network forensics. Additionally, it could be quite useful in identifying specific problems, such as incorrect file system permissions assignments. Windows auditing can reveal methods to improve security management and lower the risk of unauthorized access and unwanted changes to your systems by examining Windows security and system events. Comprehensive Windows auditing helps organizations stay compliant with data security regulations, identify possible dangers (such as unauthorised modifications) early, and reduce the risk of a data breach. Windows auditing must be enabled in order to investigate security incidents, address issues, and enhance the IT infrastructure.
[0018] The memory 102 further includes a local registry and policy variables. The local registry and policy variables are examined using policy analysis, and they are compared to a predetermined baseline. All the rules necessary to validate the Group Policy and Registry settings supplied in the Windows 10 Hardening checklist are contained in the PolicyRule file from aha-181.
[0019] The system 100 supports Windows system hardening. The configuration storage 108 stores configuration information. In one embodiment, the system configuration is retrieved and assessed using a finding list. Additionally, the system 100 may be made more resilient using predefined parameters. The system 100 uses extra modules to read configurations that are not in the registry in addition to reading registry settings.
[0020] The processor 104 is configured to run the script with administrator rights to view system settings. For user settings, it is better to run the script using a typical user account. Ideally, the user account should be used for routine chores.
[0021] In one embodiment, the processor 104 is configured to perform an audit, log the findings in a file and save them to a CSV file. The CSV file may be stored in the memory 102. The files' names and timestamps of the logs are generated automatically. A user may also define their own name and directory by using the ReportFile or LogFile parameters. In one embodiment, ReportFile or LogFile parameters may also be stored in the memory 102.
[0022] In one embodiment, a FileFindingList option allows the system to operate with a specific list. If the system is run several times on the same system, it could be beneficial to hide the machine information. By selecting the option SkipMachineInformation, this is achieved.
[0023] In one embodiment, the processor 104 has a function for getting the current configuration from the configuration storage 108 and saving it in an easily restorable manner inside the memory 102. The Optional Backup indicates that the file is written in the form of a finding list and is hence suitable for HailMary mode. The BackupFile argument allows you to provide the name and location of the backup.
[0024] The audit report contains details such as File path, Access type (read, write, delete, rename, execute, ownership, permissions, write attributes), Object type (file, folder), Status (granted/denied), Date and time of access, details relating to the user, Domain related information, Source IP address, Machine name. The audit report provides a comprehensive, centralized and sortable list of access events (or access attempts) to paths you have selected:
Read, write, delete, rename accesses
File ownership changes
Permission modifications
File attributes changes
[0025] With the information retrieved above, a summary of all the files and folders present on a computing device can be created via regular auditing. By generating the audit report with all the above details, along with a timestamp provided in each file, a summary of the files and folders can be created along with various details such as time of creation, time of access by the user, permissions, machine name, and the source machine address.
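The following is an added example, not part of the specification, showing how a report with the fields listed in [0024] can be reduced to the per-path summary described in [0025] and screened for repeated denied accesses and permission or ownership changes. The CSV column names, the sample rows, the function names and the threshold of three denied attempts are assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

ACCESS_TYPES = {"read", "write", "delete", "rename", "execute",
                "ownership", "permissions", "write attributes"}
CHANGE_TYPES = {"ownership", "permissions", "write attributes"}

# Constructed sample rows; column names are assumed, fields follow [0024].
SAMPLE_REPORT = r"""timestamp,file_path,access_type,object_type,status,user,domain,source_ip,machine
2022-11-01T09:00:12,C:\Finance\q3.xlsx,read,file,granted,alice,CORP,10.0.0.21,WS-021
2022-11-01T09:05:40,C:\Finance\q3.xlsx,write,file,denied,bob,CORP,10.0.0.37,WS-037
2022-11-01T09:05:44,C:\Finance\q3.xlsx,write,file,denied,bob,CORP,10.0.0.37,WS-037
2022-11-01T09:05:51,C:\Finance\q3.xlsx,delete,file,denied,bob,CORP,10.0.0.37,WS-037
2022-11-01T10:15:03,C:\Finance,permissions,folder,granted,carol,CORP,10.0.0.5,SRV-FS1
2022-11-01T10:20:00,C:\Public\readme.txt,read,file,granted,alice,CORP,10.0.0.21,WS-021
2022-11-01T10:21:00,C:\Public\readme.txt,chmod,file,granted,alice,CORP,10.0.0.21,WS-021
"""


def parse_report(text):
    """Return (events, rejected); rows with unknown values are rejected, not guessed."""
    events, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            when = datetime.fromisoformat(row["timestamp"])
            if (row["access_type"] not in ACCESS_TYPES
                    or row["status"] not in ("granted", "denied")):
                raise ValueError("unknown access type or status")
            events.append({**row, "timestamp": when})
        except (ValueError, KeyError, TypeError) as exc:
            rejected.append((row, str(exc)))
    return events, rejected


def summarise(events):
    """Build one summary record per file or folder path."""
    summary = {}
    for ev in events:
        s = summary.setdefault(ev["file_path"], {
            "object_type": ev["object_type"], "accesses": Counter(),
            "denied": Counter(), "changes": [], "last_access": ev["timestamp"]})
        s["accesses"][ev["access_type"]] += 1
        s["last_access"] = max(s["last_access"], ev["timestamp"])
        if ev["status"] == "denied":
            s["denied"][(ev["user"], ev["source_ip"])] += 1
        elif ev["access_type"] in CHANGE_TYPES:
            s["changes"].append((ev["timestamp"], ev["access_type"], ev["user"]))
    return summary


def paths_to_review(summary, denied_threshold=3):
    """Flag paths with repeated denials from one user/source, or granted ACL changes."""
    flagged = {}
    for path, s in summary.items():
        reasons = [f"{n} denied attempts by {user} from {ip}"
                   for (user, ip), n in s["denied"].items() if n >= denied_threshold]
        reasons += [f"{kind} changed by {user}" for _, kind, user in s["changes"]]
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    events, rejected = parse_report(SAMPLE_REPORT)
    for path, reasons in paths_to_review(summarise(events)).items():
        print(path, "->", "; ".join(reasons))
```

Rows whose access type or status falls outside the values listed in [0024] are returned separately so that a malformed report is noticed rather than silently summarised.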
[0026] In one embodiment, the system 100 may audit the account policies category initially. Further, thorough forensic analysis can be performed for all modifications and failed attempts to create, remove, modify, and change folder structures. The system 100 tracks the owners and permissions for file and folder access. To ensure a safe, uptime-free, and compliant network environment, Windows Failover Clusters may be examined. In one embodiment, the system 100 monitors the creation, modification, and deletion of CIFS files and directories, changing permissions, etc. on EMC servers and NetApp filers.
[0027] In one embodiment, the processor 104 is configured to highlight the status of GRE tunnels, PAC files, authentication frequency, PAC file sizes, Office 365 One Click, and IP visibility in the audit report generated by the audit report generation module 106. Every month, on the first, the report is published with an analysis covering everything as of that date.
[0028] In one embodiment, the system 100 provides for platform-level auditing to track access to the file system, failed object access attempts, and login and logout events. The processor 104 is configured to back up log files and check frequently for indications of shady behavior. To ensure that attackers cannot hide their tracks, the processor 104 is configured to secure log files using restricted access control lists and move system log files away from their default locations.
[0029] In one embodiment, the system 100 may enable Siebel Audit Trail to audit access to specific data fields or objects in the Siebel database. Enabling Siebel Audit Trail produces a log file of all the events that have occurred, which allows the Siebel database administrator to review the events and detect any suspicious activities.
[0030] Referring to FIG. 2 now, a flowchart 200 of a method for examining, analyzing and advising on an audit report is disclosed. At step 202, the method comprises generating an audit report for an operating system running on a computing device. At step 204, the method comprises analyzing the audit report. At step 206, the method comprises retrieving system configuration and assessing the system configuration using a finding list.
[0031] The various actions, acts, blocks, steps, or the like in the flow diagram may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.
[0032] Although particular embodiments of the invention have been described in detail for purposes of illustration, various modifications and enhancements may be made without departing from the spirit and scope of the invention.
Claims:
I/We Claim:
1. A system (100) for analysing report relating to an operating system, the system comprising:
a memory (102);
a processor (104);
an audit report generation module (106) configured to generate report relating to the operating system running on a computing device, wherein:
the report relates to details related to files and folders present on the computing device,
a configuration storage (108) is configured to store system configuration, wherein the configuration is configured to analyse the audit report.
2. The system as claimed in claim 1, wherein the report contains details such as File path, Access type (read, write, delete, rename, execute, ownership, permissions, write attributes), Object type (file, folder), Status (granted/denied), Date and time of access, details relating to the user, Domain related information, Source IP address, Machine name.
3. The system as claimed in claim 1, wherein the operating system includes Windows operating system.
4. The system as claimed in claim 1, wherein the processor is further configured to highlight status of GRE tunnels, PAC files, authentication frequency, PAC file sizes, Office 365 One Click, and IP visibility in the System Audit Report.
5. The system as claimed in claim 1, wherein the processor is configured to secure log files using restricted access control lists and move system log files away from their default locations.
6. A method for analysing report relating to an operating system, the system comprising:
generating report relating to the operating system running on a computing device, wherein the report relates to details related to files and folders present on the computing device,
storing system configuration, wherein the configuration is configured to analyse the audit report.
7. The method as claimed in claim 6, wherein the report contains details such as File path, Access type (read, write, delete, rename, execute, ownership, permissions, write attributes), Object type (file, folder), Status (granted/denied), Date and time of access, details relating to the user, Domain related information, Source IP address, Machine name.
8. The method as claimed in claim 6, wherein the operating system includes Windows operating system.
9. The system as claimed in claim 6, further comprising highlighting status of GRE tunnels, PAC files, authentication frequency, PAC file sizes, Office 365 One Click, and IP visibility in the System Audit Report.
10. The system as claimed in claim 6, further comprising securing log files using restricted access control lists and move system log files away from their default locations.
| # | Name | Date |
|---|---|---|
| 1 | 202221063633-STATEMENT OF UNDERTAKING (FORM 3) [08-11-2022(online)].pdf | 2022-11-08 |
| 2 | 202221063633-REQUEST FOR EARLY PUBLICATION(FORM-9) [08-11-2022(online)].pdf | 2022-11-08 |
| 3 | 202221063633-POWER OF AUTHORITY [08-11-2022(online)].pdf | 2022-11-08 |
| 4 | 202221063633-FORM-9 [08-11-2022(online)].pdf | 2022-11-08 |
| 5 | 202221063633-FORM FOR SMALL ENTITY(FORM-28) [08-11-2022(online)].pdf | 2022-11-08 |
| 6 | 202221063633-FORM FOR SMALL ENTITY [08-11-2022(online)].pdf | 2022-11-08 |
| 7 | 202221063633-FORM 1 [08-11-2022(online)].pdf | 2022-11-08 |
| 8 | 202221063633-FIGURE OF ABSTRACT [08-11-2022(online)].pdf | 2022-11-08 |
| 9 | 202221063633-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [08-11-2022(online)].pdf | 2022-11-08 |
| 10 | 202221063633-EVIDENCE FOR REGISTRATION UNDER SSI [08-11-2022(online)].pdf | 2022-11-08 |
| 11 | 202221063633-EDUCATIONAL INSTITUTION(S) [08-11-2022(online)].pdf | 2022-11-08 |
| 12 | 202221063633-DRAWINGS [08-11-2022(online)].pdf | 2022-11-08 |
| 13 | 202221063633-DECLARATION OF INVENTORSHIP (FORM 5) [08-11-2022(online)].pdf | 2022-11-08 |
| 14 | 202221063633-COMPLETE SPECIFICATION [08-11-2022(online)].pdf | 2022-11-08 |
| 15 | Abstract.jpg | 2022-11-11 |
| 16 | 202221063633-FORM 18 [22-12-2023(online)].pdf | 2023-12-22 |
| 17 | 202221063633-FER.pdf | 2025-04-25 |
| 18 | 202221063633-OTHERS [25-10-2025(online)].pdf | 2025-10-25 |
| 19 | 202221063633-FER_SER_REPLY [25-10-2025(online)].pdf | 2025-10-25 |
| 20 | 202221063633-CLAIMS [25-10-2025(online)].pdf | 2025-10-25 |
| 1 | 3633E_22-03-2024.pdf | |