Microsoft.HybridCompute/machines/extensions/delete

CSP: Azure

Event

Removes an extension from an Azure Arc-enabled server.

Security Context

  • Disabling security monitoring tools eliminates visibility into adversary activity, allowing subsequent attack stages to proceed undetected.

Log Source

Azure Activity Log

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion

Techniques:
  • T1562.001 — Disable or Modify Tools — Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properl...