So we were practicing in SANS504 with your DeepBlueCLI script and when Chris cleared all the logs then ran the script again we didn't see the event ID "1102" - The Audit Log Was Cleared". However, we really believe this event should be add to the script :).
joswr1ght
commented
4 years ago
Hello Eric,
So we were practicing in SANS504 with your DeepBlueCLI script and when Chris cleared all the logs then ran the script again we didn't see the event ID "1102" - The Audit Log Was Cleared". However, we really believe this event should be add to the script :).
Thank you,