Discovers anomalous activity such as the deletion or clearing of log files. Attackers often clear log files to hide their actions, so this activity may indicate that the system has been compromised.
Use Case
Security Monitoring, Insider Threat
Category
Endpoint Compromise, Insider Threat
Alert Volume
SPL Difficulty
Medium
Journey
Stage 2
MITRE ATT&CK Tactics
Defense Evasion
MITRE ATT&CK Techniques
Indicator Removal on Host
Clear Command History
File Deletion
MITRE Threat Groups
APT18
APT28
APT29
APT3
APT32
APT38
APT41
BRONZE BUTLER
Cobalt Group
Dragonfly 2.0
FIN10
FIN5
FIN6
FIN8
Gamaredon Group
Group5
Honeybee
Kimsuky
Lazarus Group
Magic Hound
OilRig
Patchwork
Rocke
Sandworm Team
Silence
TEMP.Veles
The White Company
Threat Group-3390
Tropic Trooper
Wizard Spider
menuPass
Data Sources
Windows Security