Clearing the Windows Security event log (the log shown under Windows Logs > Security in Event Viewer) is a common post-compromise evasion step used by malware and hands-on attackers. Monitoring for this deletion gives you immediate awareness of what should be an unusual activity, with the added benefit that the same event logs that were deleted from the host are already stored in Blumira for analysis.
Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.
Prerequisites:
Testing Steps:
Clear-EventLog "Security"
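To confirm that the test step above left the trail a detection would key on, here is an added PowerShell check (example code, not Blumira's own). Windows records a clear of the Security log as Event ID 1102, "The audit log was cleared", from the Microsoft-Windows-Eventlog provider; it is written as the first event in the freshly emptied log, so it survives the clear. The script assumes an elevated session (reading the Security log requires administrator rights) and a 24-hour search window, which is an arbitrary choice for the example.

```powershell
# Added example: list Security log clear events (Event ID 1102) on this host.
# Not part of the Blumira page; run in an elevated PowerShell session.

$lookback = (Get-Date).AddHours(-24)   # assumed search window for the example

# Get-WinEvent writes a non-terminating "No events were found" error when the
# filter matches nothing; SilentlyContinue turns that into an empty result.
$cleared = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 1102
    StartTime = $lookback
} -ErrorAction SilentlyContinue

if (-not $cleared) {
    Write-Output "No Security log clear events (ID 1102) since $lookback."
    return
}

foreach ($evt in $cleared) {
    # Event 1102 stores the acting account under UserData/LogFileCleared
    # rather than the usual EventData block, so read it from the event XML.
    $xml  = [xml]$evt.ToXml()
    $who  = $xml.Event.UserData.LogFileCleared

    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        Computer    = $evt.MachineName
        User        = "$($who.SubjectDomainName)\$($who.SubjectUserName)"
        LogonId     = $who.SubjectLogonId
    }
}
```

After running the `Clear-EventLog "Security"` test step, this should return one row naming the account that issued the clear; that account and logon ID are the fields to pivot on when triaging a real alert. Note that clearing the other Windows logs (System, Application, and so on) is recorded differently, as Event ID 104 in the System log, so a detection scoped only to Security/1102 will not see those.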