LetsDefend Monitoring Alert

Windows Event Logging Disabled

Feb, 08, 2024, 01:58 PM

Event ID: 224

Event Time: Feb, 08, 2024, 01:58 PM

Rule Name: SOC259 - Windows Event Logging Disabled

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1136 - Persistence - Create Account,
T1489 - Impact - Service Stop,
T1562 - Defense Evasion - Impair Defenses,
T1562.002 - Defense Evasion - Impair Defenses: Disable Windows Event Logging

Severity: Medium

Incident Responder
