title: Eventlog Cleared description: One of the Windows Eventlogs has been cleared reference: https://twitter.com/deviouspolack/status/832535435960209408 author: Florian Roth logsource: product: windows service: system detection: selection: EventID: 104 condition: selection falsepositives: - Unknown level: medium