rare need to clear logs before doing something. sometimes used by installers or cleaner scripts. the script should be investigated to determine if it's legitimate

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/powershell/powershell_script/posh_ps_susp_clear_eventlog.yml>sigma
technicques: t1070 t1070.001

Techniques

Detects usage of known powershell cmdlets such as “Clear-EventLog” to clear the Windows event logs

condition: selection
selection:
  ScriptBlockText|contains:
  - 'Clear-EventLog '
  - 'Remove-EventLog '
  - 'Limit-EventLog '
  - 'Clear-WinEvent '