security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Add system index to Windows Event Logs Cleared (#1502)

Browse Source 
(cherry picked from commit 63d6a54804)
This commit is contained in:
Justin Ibarra
2021-09-24 09:04:56 -08:00
committed by github-actions[bot]
parent 5b13666054
commit 371247b0b2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/defense_evasion_clearing_windows_security_logs.toml
+1 -1
View File
@@ -10,7 +10,7 @@ Identifies attempts to clear Windows event log stores. This is often done by att
or destroy forensic evidence on a system.
"""
from = "now-9m"
index = ["winlogbeat-*", "logs-windows.*"]
index = ["winlogbeat-*", "logs-windows.*", "logs-system.*"]
language = "kuery"
license = "Elastic License v2"
name = "Windows Event Logs Cleared"