Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query was originally published in the threat analytics report, Ransomware continues to hit healthcare, critical services. There is also a related blog. In April of 2020, security researchers observed multiple ransomware campaigns using the same set of techniques. The following query detects attempts to use fsutil.exe to clear system logs and delete forensic artifacts. The See also section below lists more queries related to techniques shared by these campaigns. Reference - https://www.micro
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 5aa2b168-ab4f-44ab-8668-7845c7defcb1 |
| Tactics | Defense evasion |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Defense%20evasion/clear-system-logs.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊