Anonymous, Jul 22, 2019
Clearing audit logs from Domain Controller
Hi there, Clearing the event logs from the Domain Controller or workstation could be a sign of malicious behavior. Does Microsoft ATA currently alert on this?
EliOfek (Microsoft), Jul 22, 2019
Deleted, No, there is no detection for this. Tali Ash, did we ever consider this?
Anonymous to EliOfek, Jul 23, 2019
EliOfek, if you consider adding it to ATA, you might add Event 1100 to it as well. This event shows up when someone shuts down the event logs.
Tali Ash (Former Employee) to Anonymous, Jul 23, 2019
Thanks Deleted, we will look into it, currently are not planning to add such detection. Thanks, Tali
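One way to watch for this outside ATA, as an added example that is not part of the thread and not ATA functionality: the script scans exported Windows event XML (Security and System records merged under a root `<Events>` element) for Event 1102 (Security audit log cleared), Event 104 (another log cleared) and the Event 1100 mentioned above. Treating a 1100 as benign when an Event 1074 (shutdown initiated) on the same host precedes it within five minutes is an assumption of this example, since 1100 is also written during a normal shutdown; the host and account names in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# 1102 = Security audit log cleared, 104 = another log cleared (System log),
# 1100 = event logging service shut down, 1074 = shutdown initiated (System log).
CLEARED = {1102, 104}

def parse(xml_text):
    """Yield (time, computer, event_id, user) for each event in an <Events> export."""
    for ev in ET.fromstring(xml_text).iter(EVT + "Event"):
        sysn = ev.find(EVT + "System")
        stamp = sysn.find(EVT + "TimeCreated").get("SystemTime")[:19]
        # UserData children use a different namespace, so match on the local name.
        user = next((e.text for e in ev.iter() if e.tag.endswith("}SubjectUserName")), None)
        yield (datetime.fromisoformat(stamp), sysn.findtext(EVT + "Computer"),
               int(sysn.findtext(EVT + "EventID")), user)

def findings(xml_text, window=timedelta(minutes=5)):
    """Return (host, event_id, reason) for events worth an analyst's attention."""
    events = sorted(parse(xml_text), key=lambda e: e[0])
    shutdowns = [(t, c) for t, c, eid, _ in events if eid == 1074]
    out = []
    for t, host, eid, user in events:
        if eid in CLEARED:
            out.append((host, eid, f"log cleared by {user}"))
        elif eid == 1100 and not any(
                c == host and timedelta(0) <= t - s <= window for s, c in shutdowns):
            out.append((host, eid, "event logging stopped without a logged shutdown"))
    return out

def make_event(eid, ts, host, user=None):
    """Build one constructed event record for the sample below."""
    ud = ""
    if user:
        ud = ('<UserData><LogFileCleared xmlns="http://manifests.microsoft.com/'
              f'win/2004/08/windows/eventlog"><SubjectUserName>{user}'
              '</SubjectUserName></LogFileCleared></UserData>')
    return (f'<Event xmlns="{EVT[1:-1]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/><Computer>{host}</Computer>'
            f'</System>{ud}</Event>')

SAMPLE = "<Events>" + "".join([  # constructed data, not from a real host
    make_event(1074, "2019-07-23T02:00:01.000000000Z", "DC01"),
    make_event(1100, "2019-07-23T02:00:09.000000000Z", "DC01"),  # normal reboot
    make_event(1100, "2019-07-23T14:31:40.000000000Z", "DC02"),  # no shutdown logged
    make_event(1102, "2019-07-23T14:35:12.000000000Z", "DC02", "svc-constructed"),
]) + "</Events>"

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```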