possible fp during log rotation

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file/file_delete/file_delete_win_delete_exchange_powershell_logs.yml>sigma
technicques: t1070

Techniques

Detects the deletion of the Exchange PowerShell cmdlet History logs which may indicate an attempt to destroy forensic evidence

condition: selection
selection:
  TargetFilename|contains: _Cmdlet_
  TargetFilename|startswith: \Logging\CmdletInfra\LocalPowerShell\Cmdlet\