LetsDefend Monitoring Alert
Windows Event Logging Disabled
Feb, 08, 2024, 01:58 PM
Event ID: 224
Event Time: Feb, 08, 2024, 01:58 PM
Rule Name: SOC259 - Windows Event Logging Disabled
Alert Type: Malware
MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1136 - Persistence - Create Account,
T1489 - Impact - Service Stop,
T1562 - Defense Evasion - Impair Defenses,
T1562.002 - Defense Evasion - Impair Defenses: Disable Windows Event Logging
Severity: Medium
Incident Responder