EventLog EVTX File Deleted (63c779ba-f638-40a0-a593-ddd45e8b1ddc)
Detects the deletion of the event log files which may indicate an attempt to destroy forensic evidence
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| EventLog EVTX File Deleted (63c779ba-f638-40a0-a593-ddd45e8b1ddc) | Sigma-Rules | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 1 |