Merge pull request #1900 from ZikyHD/add_fields

Add fields to event log cleared
2021-08-23 17:15:32 +02:00
parent 52595de85e 037f33b5e2
commit cac40065b0
1 changed files with 4 additions and 1 deletions
@@ -18,6 +18,9 @@ detection:
        EventID: 1102
    condition: selection
 fields:
-    - fields in the log source that are important to investigate further
+    - SubjectLogonId
+    - SubjectUserName
+    - SubjectUserSid
+    - SubjectDomainName
 falsepositives:
    - Legitimate administrative activity