Update win_susp_security_eventlog_cleared.yml

2020-10-11 19:48:07 +05:30
parent 672bf99c6b
commit 8a87fc35b2
1 changed files with 0 additions and 1 deletions
@@ -12,7 +12,6 @@ detection:
        EventID:
            - 517
            - 1102
-            - 104
    condition: selection
 falsepositives:
    - Rollout of log collection agents (the setup routine often includes a reset of the local Eventlog)