From 8a87fc35b2ff9c44ba23a27467bee2c6f673db84 Mon Sep 17 00:00:00 2001
From: "S.kiran kumar"
Date: Sun, 11 Oct 2020 19:48:07 +0530
Subject: [PATCH] Update win_susp_security_eventlog_cleared.yml
---
 rules/windows/builtin/win_susp_security_eventlog_cleared.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml
index a24e9d470..cc61bdf10 100644
--- a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml
+++ b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml
@@ -12,7 +12,6 @@ detection:
 EventID:
 - 517
 - 1102
- - 104
 condition: selection
 falsepositives:
 - Rollout of log collection agents (the setup routine often includes a reset of the local Eventlog)