T1685.002

Disable or Modify Cloud Log

An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within the environment. If an adversary has sufficient permissions, they can disable or modify logging to avoid detection of their activities. For example, in AWS an adversary may disable CloudWatch/CloudTrail...

IaaS, SaaS, Identity Provider, Office Suite
Detections: 22 | Sources: 2 | Threat Actors: 1

BY SOURCE

splunk_escu: 19 | sigma: 3

PROCEDURES (12)

General Monitoring: 3 detections

Auto-extracted: 3 detections for general monitoring

Credential: 2 detections

Auto-extracted: 2 detections for credential

Aws: 2 detections

Auto-extracted: 2 detections for aws

Evasion: 2 detections

Auto-extracted: 2 detections for evasion

Suspicious: 2 detections

Auto-extracted: 2 detections for suspicious

Aws: 1 detection

Auto-extracted: 1 detection for aws

Office: 1 detection

Auto-extracted: 1 detection for office

Office: 1 detection

Auto-extracted: 1 detection for office

Cloud Monitoring: 1 detection

Auto-extracted: 1 detection for cloud monitoring

Cloud Monitoring: 1 detection

Auto-extracted: 1 detection for cloud monitoring

Service: 1 detection

Auto-extracted: 1 detection for service

Exfiltrat: 1 detection

Auto-extracted: 1 detection for exfiltrat

THREAT ACTORS (1)

DETECTIONS (22)