From 6dea66bdecaf5dca8ea900c2789d4e10501eab61 Mon Sep 17 00:00:00 2001 From: Michael Haag <“mike@redcanary.com git config --global user.name “Michael Haag> Date: Tue, 2 Jan 2018 14:54:21 -0700 Subject: [PATCH] Defense Evasion + Added method to stop event logs --- Windows/Defense Evasion/Indicator_Removal_on_Host.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Windows/Defense Evasion/Indicator_Removal_on_Host.md b/Windows/Defense Evasion/Indicator_Removal_on_Host.md index 5be6bba5..fcc2c881 100644 --- a/Windows/Defense Evasion/Indicator_Removal_on_Host.md +++ b/Windows/Defense Evasion/Indicator_Removal_on_Host.md @@ -20,6 +20,10 @@ Clear Application logs wevtutil cl Application +Stop event logs + + Wevtutil.exe sl Security /e:false + ## Fsutil Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume.
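Review bot: The heading "Stop event logs" in the added hunk overstates what the command does: `wevtutil sl Security /e:false` sets the Enabled property of a single channel, the Security log, to false, so only that channel stops receiving events while Application, System and every other channel keep logging. Rename the entry to something like "Disable the Security event log channel" and, to match the "Clear Application logs" entry directly above it, add a one-line note that the same `sl <channel> /e:false` form works against other channels and that the change persists until re-enabled with `/e:true`. Also keep the command casing consistent with the existing context line `wevtutil cl Application`: write `wevtutil sl Security /e:false` rather than `Wevtutil.exe sl Security /e:false`, since the rest of the section uses the bare lowercase name.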