PowerShell Transcript Deletion

Added rule looking for the deletion of PowerShell transcript logs from the default location.

Author: mon0pixel

26_file_delete_deteted/include_powershell_transcript_folders.xml

@@ -0,0 +1,12 @@
+<Sysmon schemaversion="4.60">
+   <EventFiltering>
+      <RuleGroup name="" groupRelation="or">
+         <FileDeleteDetected onmatch="include">
+            <Rule groupRelation="and">
+               <TargetFilename condition="contains all">C:\PS-Transcripts\;PowerShell_transcript</TargetFilename>               <!--Default PowerShell transcript folder-->
+               <TargetFilename condition="contains">.txt</TargetFilename>
+            </Rule>
+         </FileDeleteDetected>
+      </RuleGroup>
+   </EventFiltering>
+</Sysmon>