Clankerusecase
MITRE ATT&CK detection coverage

T1685.005 Clear Windows Event Logs

T1685.005 — Clear Windows Event Logs is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 5 detection use cases covering it.

Defense Evasion
5 Use cases
0 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (5)

Disable Logs Using WevtUtil · ESCU actions · alerting P
Suspicious wevtutil Usage · ESCU actions · alerting P
Windows Event Log Cleared · ESCU actions · alerting P
Windows Event Logging Service Has Shutdown · ESCU actions · hunting P
Windows Eventlog Cleared Via Wevtutil · ESCU actions · hunting P