From 600a7cd0e8975c4a771ad2bbbdd71e05f812ee09 Mon Sep 17 00:00:00 2001
From: Tim Shelton
Date: Thu, 19 May 2022 17:16:39 +0000
Subject: [PATCH] Re-adding accidently removed entry
---
 .../windows/builtin/system/win_system_susp_eventlog_cleared.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml b/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
index 480024135..dc23dc745 100644
--- a/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
+++ b/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
@@ -18,6 +18,7 @@ tags:
 logsource:
 product: windows
 service: system
+detection:
 selection:
 EventID: 104
 Provider_Name: Microsoft-Windows-Eventlog
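Review bot: The restored `detection:` key at new line 21 is the only thing that makes `selection` part of the rule's match logic. Without it the file was presumably still well-formed YAML, so the earlier removal would not have shown up as a parse error and this log-clearing rule may have been silently inert. If the repository's rule tests do not already enforce it, add a validation check that fails when a rule lacks a top-level `detection` mapping containing a `condition`. The `condition` line lies outside this hunk, so confirm it still references `selection`. Separately, EventID 104 in the System channel does not cover clearing of the Security log, which is reported as event 1102 in the Security channel; a short comment such as `# Security log clearing (event 1102, Security channel) is not covered by this rule` would make that scope explicit for analysts.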