Important Windows Eventlog Cleared

Sigma Rules

Summary
This detection rule monitors the clearing of core Windows event logs, in particular cases where the command 'wevtutil cl' is executed. This command is a well-known way to clear event logs and can indicate an attempt to erase traces of malicious activity. The rule relies on Windows Event ID 104 from the Microsoft-Windows-Eventlog provider and watches several channels, including the PowerShell and Security logs, to improve detection coverage. The severity is classified as high because clearing event logs is frequently an indicator of adversarial behavior aimed at evading security monitoring.
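As an added illustration (not the rule's own logic or code from this page), the matcher below applies the detection described above to constructed, flattened Windows event records. The record layout, the field names and the full channel list are assumptions; the page itself only names the PowerShell and Security logs.

```python
# Added example, not part of the Sigma rule page. Matches Event ID 104 from the
# Microsoft-Windows-Eventlog provider (written to the System log when any log is
# cleared, whether via 'wevtutil cl' or another tool) against a watched channel set.
# Assumption: events are flattened dicts with the keys used below.
from typing import Iterable, List

# Assumed channel list; the page explicitly names only PowerShell and Security.
WATCHED_CHANNELS = {
    "Security",
    "System",
    "Application",
    "Microsoft-Windows-PowerShell/Operational",
}


def is_log_cleared_event(rec: dict) -> bool:
    """True when rec is a 104 'log file was cleared' event for a watched channel."""
    if rec.get("EventID") != 104:
        return False
    if rec.get("Provider") != "Microsoft-Windows-Eventlog":
        return False
    # Event 104 carries the name of the cleared log in its event data, which
    # here is assumed to be flattened into the "Channel" key.
    return rec.get("Channel") in WATCHED_CHANNELS


def find_cleared_logs(records: Iterable[dict]) -> List[str]:
    """Return one alert string per matching event: '<channel> cleared by <user>'."""
    alerts = []
    for rec in records:
        if is_log_cleared_event(rec):
            user = rec.get("SubjectUserName", "<unknown>")
            alerts.append(f"{rec['Channel']} cleared by {user}")
    return alerts


# Constructed sample records for demonstration only.
SAMPLE_EVENTS = [
    {"EventID": 104, "Provider": "Microsoft-Windows-Eventlog",
     "Channel": "Security", "SubjectUserName": "jdoe"},
    {"EventID": 4688, "Provider": "Microsoft-Windows-Security-Auditing",
     "NewProcessName": r"C:\Windows\System32\wevtutil.exe"},  # process start, not a clear
    {"EventID": 104, "Provider": "Microsoft-Windows-Eventlog",
     "Channel": "Microsoft-Windows-PowerShell/Operational", "SubjectUserName": "svc-build"},
    {"EventID": 104, "Provider": "Microsoft-Windows-Eventlog",
     "Channel": "Microsoft-Windows-Example/Debug", "SubjectUserName": "jdoe"},  # unwatched
]

if __name__ == "__main__":
    for alert in find_cleared_logs(SAMPLE_EVENTS):
        print(alert)
```

Security-log clears also surface as a separate audit event in the Security log itself, so a production rule would normally pair this 104-based logic with that source rather than rely on 104 alone.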
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Application Log
  • Process
Created: 2022-05-17