Yahoo Web Search

Search results

    • Clearing the audit log

      • Windows security event log ID 1102. Event 1102 relates to clearing the audit log. You should never see event 1102 in your audit logs unless you have cleared the log intentionally. Attackers often clear audit logs to cover their tracks. You’ll want to know what user cleared the log as this will be an indicator of account takeover.
      www.csoonline.com › article › 569481

  2. Sep 7, 2021 · There is no need to manually clear the Security event log in most cases. We recommend monitoring this event and investigating why this action was performed. Though you shouldn't normally see it, this event generates every time Windows Security audit log is cleared. This is for event 1102 (S).

  3. Event 1102 is logged whenever the Security log is cleared, REGARDLESS of the status of the Audit System Events audit policy. The Account Name and Domain Name fields identify the user who cleared the log. Logon ID allows you to correlate backwards to the logon event as well as with other events logged during the same logon session.

    • Non Audit (Event Log)
    • Log clear
    • Success
    • 517
  4. Jun 17, 2020 · Windows security event log ID 1102. Event 1102 relates to clearing the audit log. You should never see event 1102 in your audit logs unless you have cleared the log intentionally....

  5. Monitor for unexpected deletion of Windows event logs (via native binaries) and may also generate an alterable event (Event ID 1102: "The audit log was cleared"). When an eventlog is cleared, a new event is created that alerts that the eventlog was cleared.

    Id
    Name
    Description
    APT28 has cleared event logs, including ...
    APT32 has cleared select event log ...
    APT38 clears Windows Event logs and Sysmon ...
    APT41 attempted to remove evidence of ...
  6. Windows: 1100: The event logging service has shut down
     Windows: 1101: Audit events have been dropped by the transport.
     Windows: 1102: The audit log was cleared
     Windows: 1104: The security Log is now full
     Windows: 1105: Event log automatic backup
     Windows: 1108: The event logging service encountered an error
     Windows: 4608: Windows is ...

  7. Event 1102 applies to the following operating systems: Windows 2008 R2 and 7. Windows 2012 R2 and 8.1. Windows 2016 and 10. Corresponding event ID in Windows 2003 and earlier is 517. Explore Active Directory auditing and reporting with ADAudit Plus.
