From e62c67c41803d8817c816325014294f073fc4a07 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Wed, 5 Feb 2025 14:16:15 -0800 Subject: [PATCH] Update suspicious_event_log_service_behavior.yml --- detections/deprecated/suspicious_event_log_service_behavior.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detections/deprecated/suspicious_event_log_service_behavior.yml b/detections/deprecated/suspicious_event_log_service_behavior.yml index b4e976e370..df0db7774c 100644 --- a/detections/deprecated/suspicious_event_log_service_behavior.yml +++ b/detections/deprecated/suspicious_event_log_service_behavior.yml @@ -5,7 +5,7 @@ date: '2025-01-28' author: Mauricio Velazco, Splunk status: deprecated type: Hunting -description: The following analytic detects the shutdown of the Windows Event Log +description: This search has been deprecated in favour of Windows Event Logging Service Has Shutdown . The following analytic detects the shutdown of the Windows Event Log service using Windows Event ID 1100. This event is logged every time the service stops, including during normal system shutdowns. Monitoring this activity is crucial as it can indicate attempts to cover tracks or disable logging. If confirmed malicious,
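Review bot: The added `description:` line has a stray space before the period in "in favour of Windows Event Logging Service Has Shutdown ." and should read "... Has Shutdown." so the rendered description is clean. Since this is a deprecation notice, the replacement is named only by its display title here; if the repository's other deprecated detections reference the successor by its exact analytic name or id, match that convention so readers can find the replacement search unambiguously. The `date: '2025-01-28'` context line is untouched by this change even though the file is being edited on 2025-02-05; confirm whether the project expects the date field to be bumped when the description changes.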