Clearing of Windows Audit Logs

This Splunk search shows any time the Windows audit logs (Event Viewer logs) have been cleared or deleted.

Ensure the Splunk App for Windows is installed. You can grab it here: https://apps.splunk.com/app/742/
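One way to write such a search, as an added example that is not the search from the original post. It relies on Windows logging Event ID 1102 to the Security log when the audit log is cleared and Event ID 104 to the System log when another event log is cleared. The `source` values and the `EventCode` field are assumptions about how the Windows inputs are configured; add an `index=` filter and adjust the source names (for example for XML-rendered events) to match your deployment.

```spl
(source="WinEventLog:Security" EventCode=1102) OR (source="WinEventLog:System" EventCode=104)
| eval clear_type=case(EventCode==1102, "Security audit log cleared",
                       EventCode==104,  "Event log cleared (recorded in System log)")
| stats count AS clear_events,
        earliest(_time) AS first_seen,
        latest(_time) AS last_seen
        BY host, clear_type
| sort - last_seen
| convert ctime(first_seen) ctime(last_seen)
```

Saved as an alert over a short time window, any result row identifies a host whose logs were cleared and when, which can then be checked against planned maintenance.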
