++

Author: w0rk3r

docs/docset.yml

@@ -13,4 +13,32 @@ toc:
     detection_rules: ['../rules', '../rules_building_block']
   - folder: audit_policies/windows
     children:
-      - file: README.md
+      - file: README.md
+      - file: audit_policy_change.md
+      - file: audit_authorization_policy_change.md
+      - file: audit_detailed_file_share.md
+      - file: audit_directory_service_access.md
+      - file: audit_directory_service_changes.md
+      - file: audit_filtering_platform_connection.md
+      - file: audit_handle_manipulation.md
+      - file: audit_logon.md
+      - file: audit_process_creation_and_command_line.md
+      - file: audit_security_group_management.md
+      - file: audit_security_system_extension.md
+      - file: audit_sensitive_privilege_use.md
+      - file: audit_special_logon.md
+      - file: audit_token_right_adjusted_events.md
+      - file: audit_user_account_management.md
+      - file: audit_powershell_scriptblock.md
+      - file: sysmon_eventid1_process_creation.md
+      - file: sysmon_eventid2_file_creation_time_changed.md
+      - file: sysmon_eventid3_network_connection.md
+      - file: sysmon_eventid7_image_loaded.md
+      - file: sysmon_eventid8_createremotethread.md
+      - file: sysmon_eventid10_process_access.md
+      - file: sysmon_eventid11_file_create.md
+      - file: sysmon_eventid12_13_14_registry_event.md
+      - file: sysmon_eventid17_18_pipe_event.md
+      - file: sysmon_eventid19_20_21_wmi_event.md
+      - file: sysmon_eventid22_dns_query.md
+      - file: sysmon_eventid23_file_delete.md