集計機能の和訳 JP Translation Event ID Statistics

Yamato-Security · May 24, 2021 · c694eb1 · c694eb1
1 parent a1cf67c
commit c694eb1
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 17 deletions.
diff --git a/Config/Language/en.ps1 b/Config/Language/en.ps1
@@ -2,6 +2,20 @@
 language config:English version
 #>
 
+# function Create-EventIDStatistics
+$Create_EventIDStatistics_CreatingStatisticsMessage = "Creating Event ID Statistics.`nPlease be patient."
+$Create_EventIDStatistics_TotalEventLogs = "Total event logs:"
+$Create_EventIDStatistics_FileSize = "File size:"
+$Create_EventIDStatistics_FirstEvent = "First event:"
+$Create_EventIDStatistics_LastEvent = "Last event:"
+$Create_EventIDStatistics_ProcessingTime = "Processing time: {0} hours {1} minutes {2} seconds."
+$Create_EventIDStatistics_Count = "Count"
+$Create_EventIDStatistics_ID = "ID"
+$Create_EventIDStatistics_Event = "Event"
+$Create_EventIDStatistics_TimelineOutput = "Timeline Output"
+$Create_EventIDStatistics_Comment = "Comment"
+
+
 $1100 = @{
     EventTitle = 'Event logging service was shut down';
     Comment    = 'Good for finding signs of anti-forensics but most likely false positives when the system shuts down.';
@@ -290,7 +304,7 @@ $Create_LogonTimeline_SourceWorkstation = "Source Workstation"
 $Create_LogonTimeline_SourceIpAddress = "Source IP Address"
 $Create_LogonTimeline_SourceIpPort = "Source Port"
 $Create_LogonTimeline_LogonID = "Logon ID"
-$Create_LogonTimeline_Processing_Time = "Processing time: {0} hours {1} minutes {2} seconds"
+$Create_LogonTimeline_Processing_Time = "Processing time: {0} hours {1} minutes {2} seconds."
 $Create_LogonTimeline_NoLogoffEvent = "No logoff event"
 $Create_LogonTimeline_Total_Logon_Event_Records = "Total logon event records: "
 $Create_LogonTimeline_Data_Reduction = "Log event data reduction: "
@@ -308,3 +322,6 @@ $Create_LogonTimeline_Type11 = "Type 11 CachedInteractive/Cached Credentials Log
 $Create_LogonTimeline_Type12 = "Type 12 CachedRemoteInteractive (Ex: RDP with cached credentials, Microsoft Live Accounts):"
 $Create_LogonTimeline_Type13 = "Type 13 CachedUnlocked Logons (Ex: Unlock or RDP reconnect without authenticated to DC):"
 $Create_LogonTimeline_TypeOther = "Other Type Logons:"
+
+
+
diff --git a/Config/Language/ja.ps1 b/Config/Language/ja.ps1
@@ -3,7 +3,19 @@ language config:Japanese version
 #>
 
 
-# Event ID Statistics
+# function Create-EventIDStatistics
+$Create_EventIDStatistics_CreatingStatisticsMessage = "イベントIDを集計します。`n少々お待ちください。"
+$Create_EventIDStatistics_TotalEventLogs = "イベントの合計:"
+$Create_EventIDStatistics_FileSize = "ファイルサイズ:"
+$Create_EventIDStatistics_FirstEvent = "最初のイベント:"
+$Create_EventIDStatistics_LastEvent = "最後のイベント:"
+$Create_EventIDStatistics_ProcessingTime = "処理時間：{0}時{1}分{2}秒"
+$Create_EventIDStatistics_Count = "カウント"
+$Create_EventIDStatistics_ID = "ID"
+$Create_EventIDStatistics_Event = "イベント"
+$Create_EventIDStatistics_TimelineOutput = "タイムライン出力"
+$Create_EventIDStatistics_Comment = "コメント"
+
 $1100 = @{
     EventTitle = 'イベントログサービスがシャットダウンしました。';
     Comment    = 'Good for finding signs of anti-forensics but most likely false positives when the system shuts down.';
@@ -313,3 +325,4 @@ $Create_LogonTimeline_Type11 = "タイプ 11 キャッシュされた認証情
 $Create_LogonTimeline_Type12 = "タイプ 12 キャッシュされた認証情報によるリモートインタラクティブログオン (例：キャッシュされた認証情報によるRDP、Microsoftライブアカウントの使用):"
 $Create_LogonTimeline_Type13 = "タイプ 13 キャッシュされた認証情報によるロック解除のログオン (例：DCに接続できない場合のロック解除またはRDP再接続):"
 $Create_LogonTimeline_TypeOther = "その他のタイプのログオン:"
+
diff --git a/yea-security-timeline.ps1 b/yea-security-timeline.ps1
@@ -273,11 +273,9 @@ function Create-EventIDStatistics {
     # - Implement save-output
     # - Add comments to event IDs
     # - Explicitly output results in a table
-    # - Translate everything
 
     Write-Host
-    Write-Host "Creating Event ID Statistics"
-    Write-Host "Please be patient."
+    Write-Host $Create_EventIDStatistics_CreatingStatisticsMessage # "Creating Event ID Statistics. Please be patient." 
     Write-Host
 
     $WineventFilter = @{}
@@ -325,10 +323,10 @@ function Create-EventIDStatistics {
         $FirstEventTimestamp = $logs[0].TimeCreated.ToString($DateFormat) 
         $LastEventTimestamp = $logs[-1].TimeCreated.ToString($DateFormat)  
 
-        Write-Host "Total Event Logs: $TotalNumberOfLogs"
-        Write-Host "File Size: $filesize"
-        Write-Host "First event: $FirstEventTimestamp"
-        Write-Host "Last event: $LastEventTimestamp"
+        Write-Host "$Create_EventIDStatistics_TotalEventLogs $TotalNumberOfLogs" # "Total event logs: "
+        Write-Host "$Create_EventIDStatistics_FileSize $filesize" # "File size: "
+        Write-Host "$Create_EventIDStatistics_FirstEvent $FirstEventTimestamp" #  "First event: "
+        Write-Host "$Create_EventIDStatistics_LastEvent $LastEventTimestamp" # "Last event:  "
 
         $sorted = $eventlist.GetEnumerator() | sort Value -Descending    #sorted gets turn into an array    
         [System.Collections.ArrayList]$ArrayWithHeader = @()
@@ -340,7 +338,7 @@ function Create-EventIDStatistics {
             $EventInfo = EventInfo($Name)
             $PercentOfLogs = [math]::Round( ( $Value / $TotalNumberOfLogs * 100 ), 1 )
             $CountPlusPercent = "$value ($PercentOfLogs%)" 
-            $val = [pscustomobject]@{'Count' = $CountPlusPercent ; 'ID' = $Name ; 'Event' = $EventInfo.EventTitle ; 'Timeline Detection' = $EventInfo.TimelineDetect } #; 'Comment' = $EventInfo.Comment
+            $val = [pscustomobject]@{$Create_EventIDStatistics_Count = $CountPlusPercent ; $Create_EventIDStatistics_ID = $Name ; $Create_EventIDStatistics_Event = $EventInfo.EventTitle ; $Create_EventIDStatistics_TimelineOutput = $EventInfo.TimelineDetect } #; $Create_EventIDStatistics_Comment = $EventInfo.Comment
             $ArrayWithHeader.Add($val) > $null
 
         }
@@ -353,7 +351,7 @@ function Create-EventIDStatistics {
         $RuntimeSeconds = $TempTimeSpan.Seconds.ToString()
 
         Write-Host
-        Write-Host "Processing time: $RuntimeHours hours $RuntimeMinutes minutes $RuntimeSeconds seconds"
+        Write-Host ( $Create_EventIDStatistics_ProcessingTime -f $RuntimeHours, $RuntimeMinutes, $RuntimeSeconds )
 
         $ArrayWithHeader
 
@@ -392,10 +390,10 @@ function Create-EventIDStatistics {
         $FirstEventTimestamp = $logs[0].TimeCreated.ToString($DateFormat) 
         $LastEventTimestamp = $logs[-1].TimeCreated.ToString($DateFormat)  
 
-        Write-Host "Total Event Logs: $TotalNumberOfLogs"
-        Write-Host "File Size: $filesize"
-        Write-Host "First event: $FirstEventTimestamp"
-        Write-Host "Last event: $LastEventTimestamp"
+        Write-Host "$Create_EventIDStatistics_TotalEventLogs $TotalNumberOfLogs" # "Total event logs: "
+        Write-Host "$Create_EventIDStatistics_FileSize $filesize" # "File size: "
+        Write-Host "$Create_EventIDStatistics_FirstEvent $FirstEventTimestamp" #  "First event: "
+        Write-Host "$Create_EventIDStatistics_LastEvent $LastEventTimestamp" # "Last event:  "
 
         $sorted = $eventlist.GetEnumerator() | sort Value -Descending    #sorted gets turn into an array    
         [System.Collections.ArrayList]$ArrayWithHeader = @()
@@ -407,7 +405,7 @@ function Create-EventIDStatistics {
             $EventInfo = EventInfo($Name)
             $PercentOfLogs = [math]::Round( ( $Value / $TotalNumberOfLogs * 100 ), 1 )
             $CountPlusPercent = "$value ($PercentOfLogs%)" 
-            $val = [pscustomobject]@{'Count' = $CountPlusPercent ; 'ID' = $Name ; 'Event' = $EventInfo.EventTitle ; 'Timeline Detection' = $EventInfo.TimelineDetect } #; 'Comment' = $EventInfo.Comment
+            $val = [pscustomobject]@{$Create_EventIDStatistics_Count = $CountPlusPercent ; $Create_EventIDStatistics_ID = $Name ; $Create_EventIDStatistics_Event = $EventInfo.EventTitle ; $Create_EventIDStatistics_TimelineOutput = $EventInfo.TimelineDetect } #; $Create_EventIDStatistics_Comment = $EventInfo.Comment
             $ArrayWithHeader.Add($val) > $null
 
         }
@@ -420,7 +418,7 @@ function Create-EventIDStatistics {
         $RuntimeSeconds = $TempTimeSpan.Seconds.ToString()
 
         Write-Host
-        Write-Host "Processing time: $RuntimeHours hours $RuntimeMinutes minutes $RuntimeSeconds seconds"
+        Write-Host ( $Create_EventIDStatistics_ProcessingTime -f $RuntimeHours, $RuntimeMinutes, $RuntimeSeconds )
 
         $ArrayWithHeader