# AN1882 — Detection of Indicator Removal on Host (ICS) ## Descrição Analítico para detecção de — na plataforma ICS. **Plataformas:** ICS --- ### Fontes de Log | Fonte | Detalhe | |-------|--------| | Command Execution (DC0064) | Command | | OS API Execution (DC0021) | Process | | Windows Registry Key Modification (DC0063) | Windows Registry | | File Metadata (DC0059) | File | | Windows Registry Key Deletion (DC0045) | Windows Registry | | File Deletion (DC0040) | File | | File Modification (DC0061) | File | | Process Creation (DC0032) | Process | ### Data Components Utilizados - [[dc0021-active-directory-object-modification|DC0021]] - [[dc0032-process-creation|DC0032]] - [[dc0040-file-deletion|DC0040]] - [[dc0045-windows-registry-key-deletion|DC0045]] - [[dc0059-file-metadata|DC0059]] - [[dc0061-file-modification|DC0061]] - [[dc0063-windows-registry-key-modification|DC0063]] - [[dc0064-command-execution|DC0064]] --- *Fonte: [MITRE ATT&CK — AN1882](https://attack.mitre.org/detectionstrategies/DET0750#AN1882)*