Veritas
F050 · Suspicious · validator: blocked

Anti-forensics: Security event log cleared

Security event log cleared (Event 1102)

Analyst narrative

candidate cand-0187 fact_ids=event_log_fact-0043765. Event ID 1102 (Microsoft-Windows-Eventlog, Security) indicates the audit log was cleared on 2018-03-14.

Claims asserted

path: event_log_fact-0043765

Proof chain · 0 facts

Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.

Source tools

parse_event_logs