PowerShell Console History Logs Deleted (ff301988-c231-4bd0-834c-ac9d73b86586)
Detects the deletion of the PowerShell console History logs which may indicate an attempt to destroy forensic evidence
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | PowerShell Console History Logs Deleted (ff301988-c231-4bd0-834c-ac9d73b86586) | Sigma-Rules | 1 |