From b275b259313069f0136b90715d2d6ff42c25e0d3 Mon Sep 17 00:00:00 2001 From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com> Date: Fri, 15 Oct 2021 17:47:45 +0900 Subject: [PATCH] Update README --- README-English.md | 2 ++ README-Japanese.md | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/README-English.md b/README-English.md index 264be2af..46485354 100644 --- a/README-English.md +++ b/README-English.md @@ -27,6 +27,7 @@ Tested on Windows Powershell 5.1 but may work with previous versions. It will un - Japanese support - Event ID Statistics - Output to CSV to analyze in Timeline Explorer, etc... + - Analyze NTLM usage before disabling NTLM ## Planned Features @@ -87,6 +88,7 @@ Create a timeline via offline analysis outputted to a GUI in UTC time: .\WELA.ps1 -LogFile .\Security.evtx -LogonTimeline -OutputGUI -UTC Analyze NTLM Operational logs for NTLM usage before disabling it: + .\WELA.ps1 -AnalyzeNTLM_UsageBasic -LogFile .\DC1-NTLM-Operational.evtx ## Screenshots diff --git a/README-Japanese.md b/README-Japanese.md index 4b137524..cd0a244d 100644 --- a/README-Japanese.md +++ b/README-Japanese.md @@ -27,6 +27,7 @@ Windows Powershell 5.1で動作確認済みですが、以前のバージョン - 日本語対応 - イベントIDの集計 - Timeline Explorer等で解析するためのCSV出力 + - NTLM認証を無効にする前に使用の確認 ## 予定している機能 @@ -86,6 +87,10 @@ Windows Powershell 5.1で動作確認済みですが、以前のバージョン .\WELA.ps1 -LogFile .\Security.evtx -LogonTimeline -OutputGUI -UTC +NTLM認証を無効にする前に使用を確認する: + + .\WELA.ps1 -AnalyzeNTLM_UsageBasic -LogFile .\DC1-NTLM-Operational.evtx + ## スクリーンショット ログオンタイムラインのGUI:
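Review bot: In the README-English.md usage hunk (@@ -87,6 +88,7), the example passes `.\DC1-NTLM-Operational.evtx` but the surrounding text does not say which event log that file is exported from, or that NTLM auditing needs to be enabled first for that log to contain any events. Suggest adding one sentence above the command that names the source log and the auditing prerequisite, plus a short description of what `-AnalyzeNTLM_UsageBasic` reports. Without that, a reader who runs it against an empty log could conclude NTLM is unused and disable it.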
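Review bot: In the README-Japanese.md usage hunk (@@ -86,6 +87,10), the added lead-in `NTLM認証を無効にする前に使用を確認する:` leaves out the input that the English README names ("Analyze NTLM Operational logs for NTLM usage before disabling it:"), so the two files describe the same command differently. Suggest mentioning the NTLM Operational log in the Japanese sentence as well, so that both READMEs tell the reader which `.evtx` file to pass to `-LogFile`.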