In various publicly shared Defender ATP Queries (like one in this Microsoft posting ), detection looks for act of clearing the security event log this.
read source
Detection for clearing the security log
Click to rate this post!
[Total: 0 Average: 0]