ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6)

Detects command line activity that tries to clear or disable any ETW trace log which could be a sign of logging evasion.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6)	Sigma-Rules	1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	ETW Trace Evasion Activity (a238b5d0-ce2d-4414-a676-7a531b3d13d6)	Sigma-Rules	1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	2