diff --git a/src/detections/application.rs b/src/detections/application.rs
index 0ba374a3..921a841b 100644
--- a/src/detections/application.rs
+++ b/src/detections/application.rs
@@ -18,11 +18,11 @@ impl Application {
 event_data: HashMap,
 ) {
 if event_id == "2" {
- &self.emet(system, event_data);
+ &self.emet(system);
 }
 }
- fn emet(&mut self, system: &event::System, event_data: HashMap) {
+ fn emet(&mut self, system: &event::System) {
 match &system.provider.name {
 Some(name) => {
 if (name != "EMET") {
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 81431af3..15976c05 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -41,7 +41,7 @@ impl Detection {
 if channel == "Security" {
 &security.detection(event_id, &event.system, event_data);
 } else if channel == "System" {
- &system.detection();
+ &system.detection(event_id, &event.system, event_data);
 } else if channel == "Application" {
 &application.detection(event_id, &event.system, event_data);
 } else {
diff --git a/src/detections/system.rs b/src/detections/system.rs
index 3c5b6401..6399d3f4 100644
--- a/src/detections/system.rs
+++ b/src/detections/system.rs
@@ -1,3 +1,6 @@
+use crate::models::event;
+use std::collections::HashMap;
+
 pub struct System {}
 impl System {
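Review bot: The `&` in the new `&self.emet(system);` borrows the `()` the call returns and immediately drops it; the statement should simply be `self.emet(system);`. The same idiom is repeated in the detection.rs hunk (`&system.detection(...)`) and in the system.rs `detection` body (`&self.system_log_clear();`, `&self.windows_event_log(event_data);`), so I am raising it once here. Now that `emet` no longer takes `event_data`, the `event_data: HashMap` parameter of `Application::detection` visible at the top of the hunk is unused; renaming it `_event_data` keeps the signature shared with the other channel handlers while making the intent explicit. Both `detection` and `emet` extend outside the hunk.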
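Review bot: `System::detection` now takes `&mut self` (see the system.rs hunk in this same diff), so the `system` value this line calls on must be bound as `let mut system`; that declaration is above the hunk, so I cannot confirm it was updated and the compiler will reject this call if it was not. Moving `event_id` and `event_data` into the call is fine here because the `if`/`else if` chain guarantees only one handler runs. The enclosing function starts and ends outside the hunk.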
@@ -5,5 +8,44 @@ impl System {
 System {}
 }
- pub fn detection(&self) {}
+ pub fn detection(
+ &mut self,
+ event_id: String,
+ system: &event::System,
+ event_data: HashMap,
+ ) {
+ if event_id == "104" {
+ &self.system_log_clear();
+ } else if event_id == "7040" {
+ &self.windows_event_log(event_data);
+ }
+ }
+
+ fn system_log_clear(&mut self) {
+ println!("Message : System Log Clear");
+ println!("Results : The System log was cleared.");
+ }
+
+ fn windows_event_log(&mut self, event_data: HashMap) {
+ match event_data.get("param1") {
+ Some(_data) => {
+ if _data == "Windows Event Log" {
+ println!("Service name : {}", _data);
+ match event_data.get("param2") {
+ Some(_data) => {
+ if _data == "disabled" {
+ println!("Message : Event Log Service Stopped");
+ println!("Results : Selective event log manipulation may follow this event.");
+ } else if _data == "auto start" {
+ println!("Message : Event Log Service Started");
+ println!("Results : Selective event log manipulation may precede this event.");
+ }
+ }
+ None => (),
+ }
+ }
+ }
+ None => (),
+ }
+ }
 }
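Review bot: `windows_event_log` keys its verdict on `param2`, but to my knowledge the 7040 message template is "The start type of the %1 service was changed from %2 to %3", which makes `param2` the previous start type and `param3` the new one; if that holds, `param2 == "disabled"` fires when the Event Log service has just been re-enabled, the opposite of the "Event Log Service Stopped" message printed, so confirm against a captured 7040 event and switch to `param3` if needed. Independently, the nested `match`/`if`/`None => ()` pyramid flattens to match guards, and the `_data` bindings are used even though the leading underscore conventionally marks an unused value, so plain names read better. `&mut self` on all three new methods is not needed since no field is touched, and `&self.system_log_clear();` borrows a `()` temporary that is dropped at once — the `&` should go. The body below keeps `param2` and the exact output strings; only the shape changes, with the field question left as a review TODO.
```rust
// … unchanged: windows_event_log signature …
let service = match event_data.get("param1") {
    Some(name) if name == "Windows Event Log" => name,
    _ => return,
};
println!("Service name : {}", service);
// 7040 reads "changed from %2 to %3": param2 is the previous start type.
// TODO(review): confirm with a sample event whether param3 is the intended field.
match event_data.get("param2") {
    Some(state) if state == "disabled" => {
        println!("Message : Event Log Service Stopped");
        println!("Results : Selective event log manipulation may follow this event.");
    }
    Some(state) if state == "auto start" => {
        println!("Message : Event Log Service Started");
        println!("Results : Selective event log manipulation may precede this event.");
    }
    _ => {}
}
```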