LoFP / during uninstallation of the tomcat server

Techniques

Sample rules

Tomcat WebServer Logs Deleted

Description

Detects the deletion of Tomcat WebServer logs, which may indicate an attempt to destroy forensic evidence.

Detection logic

condition: selection
selection:
  TargetFilename|contains:
  - catalina.
  - _access_log.
  - localhost.
  TargetFilename|contains|all:
  - \Tomcat
  - \logs\