Hide Navigation Hide TOC Eventlog Cleared (a62b37e0-45d3-48d9-a517-90c1a1b0186b) One of the Windows Eventlogs has been cleared. e.g. caused by "wevtutil cl" command execution Cluster A Galaxy A Cluster B Galaxy B Level Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern Eventlog Cleared (a62b37e0-45d3-48d9-a517-90c1a1b0186b) Sigma-Rules 1 Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 2