Delete helk_sysmon_wevtutil.yml

fix https://github.com/Cyb3rWard0g/HELK/issues/345
2019-10-02 21:31:17 -04:00 · 2019-10-02 21:31:17 -04:00 · eadc7aa810
parent a4d3a39a28
commit eadc7aa810
1 changed files with 0 additions and 13 deletions
--- a/docker/helk-elastalert/rules/helk_sysmon_wevtutil.yml
+++ b/docker/helk-elastalert/rules/helk_sysmon_wevtutil.yml
@ -1,13 +0,0 @@
-alert:
- debug
-description: Detects adversaries clearing logs via wevtutil
-filter:
- query:
-    query_string:
-      query: (event_id:1 AND process_command_line:wevtutil AND process_command_line:cl)
-index: logs-endpoint-winevent-sysmon-*
-name: Windows-wevtutil-clear-logs_0
-priority: 2
-realert:
-  minutes: 0
-type: any