
Summary
The Linux Indicator Removal Clear Cache analytic detects potentially malicious activity involving the clearing of the page cache on Linux systems. Specifically, it focuses on processes that issue the kernel system request `drop_caches`, which can signify an attempt to remove forensic evidence. Adversaries may use this behavior to camouflage their actions or to delete system logs, making it harder for responders to investigate the incident or compromise. The detection rules are built around specific command-line patterns and are powered by Endpoint Detection and Response (EDR) data sourced from Sysmon for Linux. This analytic is critical because the same action is commonly associated with wiper malware and other destructive activity.
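As an added example (not the analytic's own search logic), the following Python scans constructed Sysmon for Linux process-creation records for command lines that write the `drop_caches` request while ignoring plain reads of the same path. The flat dict layout of the events and the specific command-line patterns are assumptions made for this example.

```python
import re
from collections import namedtuple
from typing import Dict, List, Optional

# Constructed sample events shaped like simplified Sysmon for Linux process-creation
# records (EventID 1); the flat dict form is an assumption made for this example.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "User": "root", "Image": "/usr/bin/bash",
     "CommandLine": "bash -c 'sync; echo 3 > /proc/sys/vm/drop_caches'"},
    {"EventID": 1, "User": "root", "Image": "/usr/sbin/sysctl",
     "CommandLine": "sysctl -w vm.drop_caches=3"},
    {"EventID": 1, "User": "root", "Image": "/usr/bin/tee",
     "CommandLine": "tee /proc/sys/vm/drop_caches"},
    # Reading the knob is harmless; a detector keyed on the path alone would flag it.
    {"EventID": 1, "User": "alice", "Image": "/usr/bin/cat",
     "CommandLine": "cat /proc/sys/vm/drop_caches"},
    {"EventID": 1, "User": "alice", "Image": "/usr/bin/ls", "CommandLine": "ls -la /var/log"},
    # Not a process-creation event, so it is skipped regardless of content.
    {"EventID": 3, "User": "root", "Image": "/usr/bin/curl",
     "CommandLine": "curl http://example.invalid/drop_caches"},
]

PATH = r"/proc/sys/vm/drop_caches"
# Only ways of writing the request count; each entry is (label, compiled regex).
WRITE_PATTERNS = [
    ("shell redirect", re.compile(r">{1,2}\s*" + PATH)),
    ("tee", re.compile(r"\btee\b.*" + PATH)),
    ("sysctl", re.compile(r"\bsysctl\b.*\bvm\.drop_caches\s*=\s*[1-3]\b")),
]

Finding = namedtuple("Finding", "user image command_line method")

def classify_drop_caches(command_line: str) -> Optional[str]:
    """Return the write method if the command line issues drop_caches, else None."""
    for label, pattern in WRITE_PATTERNS:
        if pattern.search(command_line):
            return label
    return None

def detect_drop_caches(events: List[Dict]) -> List[Finding]:
    """Scan process-creation events and return one Finding per matching command line."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        method = classify_drop_caches(ev.get("CommandLine", ""))
        if method:
            findings.append(Finding(ev.get("User", ""), ev.get("Image", ""), ev["CommandLine"], method))
    return findings
```

Administrators and benchmarking scripts drop caches legitimately, so in production the match should be enriched with user, parent process and timing context rather than alerted on alone.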
Categories
- Linux
- Endpoint
Data Sources
- Pod
- Container
ATT&CK Techniques
- T1070
Created: 2024-11-13