Detection rules › By event

Microsoft-Windows-Sysmon event 26

19 detection rules reference this event. View event page.

Sigma (12)

ADS Zone.Identifier Deleted By Uncommon Application severity medium T1070.004
Backup Files Deleted severity medium T1490
EventLog EVTX File Deleted severity medium T1070
Exchange PowerShell Cmdlet History Deleted severity high T1070
File Deleted Via Sysinternals SDelete severity medium T1070.004
IIS WebServer Access Logs Deleted severity medium T1070
PowerShell Console History Logs Deleted severity medium T1070
Prefetch File Deleted severity high T1070.004
Process Deletion of Its Own Executable severity medium
TeamViewer Log File Deleted severity low T1070.004
Tomcat WebServer Logs Deleted severity medium T1070
Unusual File Deletion by Dns.exe severity high T1133

Splunk (7)