Navigation :

Windows Event Log Cleared

Description

This search looks for Windows events that indicate one of the Windows event logs has been purged.

Help
Windows Event Log Cleared Help To successfully implement this search, you need to be ingesting Windows event logs from your hosts.

Help

Windows Event Log Cleared Help

To successfully implement this search, you need to be ingesting Windows event logs from your hosts.

Search
(`wineventlog_security` (EventCode=1102 OR EventCode=1100)) OR (`wineventlog_system` EventCode=104) \| stats count min(_time) as firstTime max(_time) as lastTime by EventCode dest \| `security_content_ctime(firstTime)` \| `security_content_ctime(lastTime)` \| `windows_event_log_cleared_filter` Open in Search

Search

(`wineventlog_security` (EventCode=1102 OR EventCode=1100)) OR (`wineventlog_system` EventCode=104) | stats count min(_time) as firstTime max(_time) as lastTime by EventCode dest | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `windows_event_log_cleared_filter`

Open in Search