Seeing an "Audit Log was cleared" alert can be an indication of suspicious activity on the host. For example, ransomware groups often deploy ransomware with a feature that clears the event logs shortly after infecting systems.
Check with the user who cleared the log files and confirm this was intentional. Highlight to them the consequences of deleting logs and the impact on Field Effect's ability to monitor your threat surface.
Some operating systems or hardware vendors include tools that can be run manually or configured to run automatically to clear logs to "enhance performance", so also ensure these are correctly configured.
Audit logs are useful for troubleshooting security events, and we discourage their deletion or the running of any application or tool that would clear them.
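On Windows, clearing the Security log is recorded as event ID 1102 from the Microsoft-Windows-Eventlog provider, and that event names the account that performed the clear. The following triage helper is an added example, not code from this article or from Field Effect: it pulls the "who, where, when" out of exported 1102 events and separates clears by accounts that are approved to run log maintenance (a hypothetical allow-list) from clears that still need a follow-up with the user. The sample events below are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample export: two 1102 "The audit log was cleared" events and one
# unrelated logon event (4624). Hostnames, accounts and times are made up.
SAMPLE_EVENTS = """<Events>
<Event><System><Provider Name="Microsoft-Windows-Eventlog"/><EventID>1102</EventID>
  <TimeCreated SystemTime="2024-01-15T02:13:44Z"/><Computer>WS-0042.example.local</Computer></System>
  <UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
    <SubjectUserName>jdoe</SubjectUserName><SubjectDomainName>EXAMPLE</SubjectDomainName>
    <SubjectLogonId>0x3e7a1</SubjectLogonId></LogFileCleared></UserData></Event>
<Event><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>
  <TimeCreated SystemTime="2024-01-15T08:00:01Z"/><Computer>WS-0042.example.local</Computer></System></Event>
<Event><System><Provider Name="Microsoft-Windows-Eventlog"/><EventID>1102</EventID>
  <TimeCreated SystemTime="2024-01-14T23:30:00Z"/><Computer>SRV-FILE01.example.local</Computer></System>
  <UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
    <SubjectUserName>svc-maint</SubjectUserName><SubjectDomainName>EXAMPLE</SubjectDomainName>
    <SubjectLogonId>0x1a2b3</SubjectLogonId></LogFileCleared></UserData></Event>
</Events>"""

# Hypothetical allow-list: accounts that run sanctioned log rotation/maintenance.
APPROVED_MAINTENANCE_ACCOUNTS = {"EXAMPLE\\svc-maint"}


def _local(tag):
    """Strip the XML namespace so fields can be matched by their plain name."""
    return tag.rsplit("}", 1)[-1]


def find_log_clears(xml_text):
    """Return one record per event ID 1102: who cleared the Security log, on which host, when."""
    records = []
    for event in ET.fromstring(xml_text):
        texts = {_local(el.tag): (el.text or "").strip() for el in event.iter()}
        attrs = {_local(el.tag): el.attrib for el in event.iter()}
        if texts.get("EventID") != "1102":
            continue  # not a log-cleared event
        domain, user = texts.get("SubjectDomainName", ""), texts.get("SubjectUserName", "")
        records.append({
            "time": attrs["TimeCreated"].get("SystemTime"),
            "host": texts.get("Computer"),
            "user": domain + "\\" + user,
            "logon_id": texts.get("SubjectLogonId"),
        })
    return records


def unexplained_clears(records, approved_accounts):
    """Keep only clears not attributable to an approved maintenance account; each
    remaining record is a user to contact and confirm the clear was intentional."""
    return [r for r in records if r["user"] not in approved_accounts]


if __name__ == "__main__":
    for rec in unexplained_clears(find_log_clears(SAMPLE_EVENTS), APPROVED_MAINTENANCE_ACCOUNTS):
        print(f"Follow up: {rec['user']} cleared the Security log on {rec['host']} at {rec['time']}")
```

Clears by an approved account still deserve a check that the maintenance tool is configured as intended; the allow-list only tells you who to ask first.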