Exchange PowerShell Cmdlet History Deleted (a55349d8-9588-4c5a-8e3b-1925fe2a4ffe)
Detects the deletion of the Exchange PowerShell cmdlet History logs which may indicate an attempt to destroy forensic evidence
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Exchange PowerShell Cmdlet History Deleted (a55349d8-9588-4c5a-8e3b-1925fe2a4ffe) | Sigma-Rules | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 1 |