Skip to content
TheCloud.Events

Microsoft.Network/networkWatchers/flowLogs/delete

CSP: Azure
Tactics:
Defense Evasion
Techniques:
T1562
Tags:
Azure Network Watcher

Event

Deletes an NSG flow log configuration, stopping the capture of network traffic metadata for a network security group.

Security Context

  • Impairing defenses allows adversaries to operate freely by removing security controls that would otherwise detect or block their activity.
  • Modifications to logging and monitoring infrastructure can create blind spots that allow adversary activity to go undetected.

Log Source

Azure Activity Log

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion

Techniques:
  • T1562 — Impair Defenses — Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify...