Threat Intel: Attack Vector: Disable Windows Event Logging

f1bc38dc-fbda-45cd-9ec9-7f69dfd7b00e

Adversaries may disable Windows event logging to limit the data available for detection and auditing. Windows event logs record user and system activity, including logon attempts, process creation, audit-policy changes and service state changes, and security tools and analysts depend on these records to build effective detections.

Typical vectors are stopping or disabling the Windows Event Log service, turning off individual event channels, and changing the audit policy so that whole categories are no longer recorded; clearing the existing logs is the related technique T1070.001 (Clear Windows Event Logs). This script inspects the host's configuration for signs that such vectors have been used.
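The following PowerShell is an added example of such a check and is not the script the page describes nor any code from the ptylu.github.io report. It performs read-only checks of the service, the channels and the audit policy, and then pulls the recent Security events that record those vectors. Assumptions: it runs elevated on a Windows host (PowerShell 5.1 or 7), auditpol prints English output, and the channel list, audit subcategories and size threshold are the example author's choices, not values taken from the page.

```powershell
function Test-EventLoggingPosture {
    # Returns a list of strings, one per finding; an empty list means every check passed.
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. The EventLog service must be running and its Start value must be 2 (Automatic).
    #    Stopping the service or setting Start=4 (Disabled) is the bluntest vector.
    $svc = Get-Service -Name EventLog -ErrorAction SilentlyContinue
    if ($null -eq $svc -or $svc.Status -ne 'Running') {
        $status = if ($svc) { $svc.Status } else { 'missing' }
        $findings.Add("EventLog service is not running (status: $status)")
    }
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    if ($start -ne 2) {
        $findings.Add("EventLog service Start value is '$start' (expected 2 = Automatic)")
    }

    # 2. Core channels must be enabled. 'wevtutil sl <channel> /e:false' disables one channel
    #    while the service keeps running, so a service check alone would miss it.
    #    Channel list and the 5 MB size threshold are assumptions made for this example.
    $channels = 'Security', 'System', 'Application',
                'Microsoft-Windows-PowerShell/Operational',
                'Microsoft-Windows-Sysmon/Operational'
    foreach ($name in $channels) {
        $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
        if ($null -eq $log) { continue }   # channel absent on this host (e.g. Sysmon not installed)
        if (-not $log.IsEnabled) { $findings.Add("Channel '$name' is disabled") }
        if ($log.MaximumSizeInBytes -lt 5MB) {
            $findings.Add("Channel '$name' maximum size is $($log.MaximumSizeInBytes) bytes (events will roll over quickly)")
        }
    }

    # 3. Audit policy: subcategories that common detections rely on must not be 'No Auditing'.
    #    'auditpol /set /subcategory:"..." /success:disable /failure:disable' is the usual vector.
    #    auditpol output is localized; the 'No Auditing' match assumes an English system.
    $subcats = 'Process Creation', 'Logon', 'Audit Policy Change', 'Security System Extension'
    foreach ($sc in $subcats) {
        $out = & auditpol.exe /get /subcategory:"$sc" 2>$null
        if ($LASTEXITCODE -ne 0) {
            $findings.Add("auditpol could not read subcategory '$sc' (not elevated?)")
            continue
        }
        # Subcategory rows are indented; the category row (e.g. 'Logon/Logoff') is not,
        # so anchor on leading whitespace to avoid matching the category line for 'Logon'.
        $pattern = '^\s+' + [regex]::Escape($sc) + '\s{2,}(.+)$'
        $row = $out | Where-Object { $_ -match $pattern } | Select-Object -First 1
        if ($row -and $row -match 'No Auditing') {
            $findings.Add("Audit subcategory '$sc' is set to No Auditing")
        }
    }

    # 4. Investigation aid: Security events that record the vectors above.
    #    1102 = audit log cleared, 4719 = system audit policy changed,
    #    4688 = process creation (command line is present only when 'Include command line
    #    in process creation events' is enabled). Window and cap are example choices.
    $filter = @{ LogName = 'Security'; Id = 1102, 4719, 4688; StartTime = (Get-Date).AddDays(-7) }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5000 -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        if ($e.Id -eq 4688 -and $e.Message -notmatch 'auditpol|wevtutil|Set-Service|Stop-Service') { continue }
        $summary = ($e.Message -split "`r?`n")[0].Trim()
        if ($e.Id -eq 4688 -and $e.Message -match 'Process Command Line:\s*(\S.*)') {
            $summary = $matches[1].Trim()
        }
        $findings.Add(("{0:s} EventID {1}: {2}" -f $e.TimeCreated, $e.Id, $summary))
    }

    return ,$findings
}

$result = Test-EventLoggingPosture
if ($result.Count -eq 0) {
    Write-Output 'PASS: no indicators of event-logging tampering found'
} else {
    Write-Output "FAIL: $($result.Count) finding(s)"
    $result | ForEach-Object { Write-Output "  - $_" }
}
```

Two caveats apply to any check of this kind. First, it reports the current state only: an adversary who disables auditing, acts, and restores the setting leaves the configuration checks clean, which is why step 4 looks at the Security log itself and why logs should be forwarded off-host as they are written. Second, in-process tampering with ETW (patching the event-write path inside a single process) leaves the service, channels and audit policy untouched and is invisible to these checks; compare against a known-good baseline rather than trusting a single PASS.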

Remediation

The script checks host settings that, if altered, weaken or disable event logging. A failed test is a finding, not proof of compromise: an administrator may have changed the setting deliberately. Review the output, restore the affected setting, and identify the account or process that changed it before treating the host as clean. Additional context (change records, the Security log itself, centrally collected copies of the logs) may be needed to decide whether the change was malicious.

More information: https://ptylu.github.io/content/report/report.html?report=25

MITRE ATT&CK: https://attack.mitre.org/techniques/T1562/002/
MITRE CAR: https://car.mitre.org/analytics/CAR-2022-03-001/

MITRE ATT&CK ID: T1562.002, T1070.001
MITRE CAR ID: CAR-2022-03-001