Commit

Update suspicious_event_log_service_behavior.yml
patel-bhavin authored Feb 5, 2025
1 parent b6e8808 commit e62c67c
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -5,7 +5,7 @@ date: '2025-01-28'
author: Mauricio Velazco, Splunk
status: deprecated
type: Hunting
description: The following analytic detects the shutdown of the Windows Event Log
description: This search has been deprecated in favour of Windows Event Logging Service Has Shutdown . The following analytic detects the shutdown of the Windows Event Log
service using Windows Event ID 1100. This event is logged every time the service
stops, including during normal system shutdowns. Monitoring this activity is crucial
as it can indicate attempts to cover tracks or disable logging. If confirmed malicious,
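Review bot: the added `description:` line leaves a stray space before the period ("Has Shutdown .") and gives the replacement analytic as bare words, so a reader cannot tell where its name ends and the sentence resumes. Suggest quoting the name and closing the sentence cleanly, for example `description: This search has been deprecated in favour of "Windows Event Logging Service Has Shutdown". The following analytic detects ...`, so the pointer to the successor detection is unambiguous for anyone still running this hunting search. Separately, the hunk header context still shows `date: '2025-01-28'` and the commit changes only this one line; if the repository expects `date` to track content edits, bump it in the same change.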

0 comments on commit e62c67c