Security Event Logging Disabled via MiniNt Registry Key - Process (1a4bd6af-99ac-4466-b5b2-7b72b4a05462)

Detects attempts to disable security event logging by adding the MiniNt registry key. This key is used to disable the Windows Event Log service, which collects and stores event logs from the operating system and applications. Adversaries may want to disable this service to prevent logging of security events that could be used to detect their activities.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Security Event Logging Disabled via MiniNt Registry Key - Process (1a4bd6af-99ac-4466-b5b2-7b72b4a05462) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| Security Event Logging Disabled via MiniNt Registry Key - Process (1a4bd6af-99ac-4466-b5b2-7b72b4a05462) | Sigma-Rules | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 1 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 2 |