Windows - Deletion Event Log Detection Test

Deletion of Windows Event Log SIEM Detection Test

The deletion of a Windows Event Viewer Security log is a common pattern of post-attack evasion by malicious software and attackers. By monitoring for this deletion, you can have immediate awareness of what should be an unusual activity -- with the benefit of having those same deleted event logs stored in Blumira for analysis.

How to Test Deletion of Windows Security Log

Prerequisites:

Windows Host must be set up with NxLog configuration and properly logging to Blumira
GPO Advanced Logging (Logmira) - must be installed and logging properly to Blumira

Testing Steps:

There are various ways to delete the Security Event Viewer Logs, however the easiest is to use a PowerShell command
Open PowerShell with "Run as Administrator"
Run the command Clear-EventLog "Security"
This detection test will trigger a finding in your Blumira console and the appropriate notifications per your Blumira settings

Additional Security Resources

View All Posts

Customer Success Stories

5 min read | October 15, 2025

Customer Story: NineStar Connect Cuts Alert Resolution Time in Half with SOC Auto-Focus

Customer Success Stories

7 min read | September 16, 2025

Customer Story: MTC Federal Credit Union

Critical Microsoft SharePoint Server vulnerability

Security Trends and Info

9 min read | July 24, 2025

Critical Microsoft SharePoint Server vulnerability allows unauthorized code execution

Experience Blumira Today

Tired of fragmented security tools and alert fatigue? Blumira centralizes your security operations, offering deep insights and actionable intelligence to identify and remediate threats before they cause damage. Discover the power of proactive defense.

Get Your Trial