title: The Audit log file was cleared
description: hogehoge
enabled: true
author: Yea
logsource:
    product: windows
detection:
    selection:
        Channel: Security
        EventID: 1102
    # condition: selection
falsepositives:
    - unknown
level: medium
output: |
    Audit Log Clear
    The Audit log was cleared.
    Security ID: %LogFileCleared%%LogFileClearedSubjectUserName%
creation_date: 2020/11/8
updated_date: 2020/11/8