pC_microsoftevsecuritykvlogclearsuccess11022.md

Parser Content

{
Name = microsoft-evsecurity-kv-log-clear-success-1102-2
TimeFormat = "epoch_sec"
Conditions = [
  """EventIDCode=1102"""
  """The audit log was cleared"""
]
DupFields = [ "host->src_host" ]
ParserVersion = "v1.0.0"


}