One of the Windows Eventlogs has been cleared, e.g. caused by "wevtutil cl" command execution.
Detects the clearing of one of the Windows Core Eventlogs, e.g. caused by "wevtutil cl" command execution.
Detects a command that clears or disables any ETW trace log, which could indicate logging evasion.
One of the Windows Eventlogs has been cleared, e.g. caused by "wevtutil cl" command execution.
Detects clearing or configuration of eventlogs using wevtutil, PowerShell and wmic. Might be used by ransomware during the attack (seen with NotPetya and others).