Tag

Logging

1 brief RSS

Detection of IIS HTTP Logging Disabled via AppCmd.exe

This analytic detects the use of AppCmd.exe to disable HTTP logging on IIS servers, allowing adversaries to evade detection by removing evidence of their actions.

Splunk Enterprise +3 iis logging defense-evasion windows

2r 2t Jan 1, 2024