Microsoft.Storage/storageAccounts/stopLogging/action
Event
Stops logging for an Azure Storage account, disabling the collection of storage analytics logs that record read, write, and delete requests against blob, table, and queue services.
Security Context
- Impairing defenses allows adversaries to operate freely by removing security controls that would otherwise detect or block their activity.
- Cloud storage services are frequent targets for data theft, as they often contain sensitive files, backups, and application data.
- Modifications to logging and monitoring infrastructure can create blind spots that allow adversary activity to go undetected.
Log Source
Azure Activity Log
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion
Techniques:
- T1562.008 — Disable or Modify Cloud Logs — An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within t...
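A detection sketch for this event, added here as an example and not taken from the original page or from Microsoft: it scans Azure Activity Log records for the operation name above and reports only the successful calls. It assumes two record shapes, the REST API form (`operationName.value`, `status.value`, `caller`, `eventTimestamp`) and the exported form (plain, possibly upper-cased `operationName`, `resultType`, `time`, caller taken from the UPN claim); all sample records, account names and resource IDs are constructed.

```python
# Added example: flag successful stopLogging operations in Azure Activity Log records.
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
TARGET_OP = "microsoft.storage/storageaccounts/stoplogging/action"  # from this page, lower-cased
SUCCESS = {"succeeded", "success"}  # REST API status / exported resultType (assumed values)

def _val(field):
    """REST API records wrap some fields as {"value": ...}; exports use plain strings."""
    if isinstance(field, dict):
        field = field.get("value")
    return (field or "").strip()

def find_stop_logging(records):
    """Return one finding per successful stopLogging operation."""
    findings = []
    for rec in records:
        if _val(rec.get("operationName")).lower() != TARGET_OP:
            continue
        status = _val(rec.get("status") or rec.get("resultType")).lower()
        if status not in SUCCESS:  # skip Started / Failed entries for the same call
            continue
        claims = (rec.get("identity") or {}).get("claims") or {}
        findings.append({
            "time": rec.get("eventTimestamp") or rec.get("time"),
            "caller": rec.get("caller") or claims.get(UPN_CLAIM, "unknown"),
            "resource": _val(rec.get("resourceId")).lower(),
        })
    return findings

# Constructed sample records (not real tenant data).
RID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
       "/providers/Microsoft.Storage/storageAccounts/stexample")
OP = "Microsoft.Storage/storageAccounts/stopLogging/action"
SAMPLE = [
    {"eventTimestamp": "2024-01-01T10:00:00Z", "caller": "alice@example.com", "resourceId": RID,
     "operationName": {"value": OP}, "status": {"value": "Started"}},
    {"eventTimestamp": "2024-01-01T10:00:01Z", "caller": "alice@example.com", "resourceId": RID,
     "operationName": {"value": OP}, "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2024-01-01T11:00:00Z", "caller": "bob@example.com", "resourceId": RID,
     "operationName": {"value": OP}, "status": {"value": "Failed"}},
    {"time": "2024-01-02T09:30:00Z", "resourceId": RID.upper(), "operationName": OP.upper(),
     "resultType": "Success", "identity": {"claims": {UPN_CLAIM: "carol@example.com"}}},
    {"eventTimestamp": "2024-01-02T12:00:00Z", "caller": "dave@example.com", "resourceId": RID,
     "operationName": {"value": "Microsoft.Storage/storageAccounts/read"},
     "status": {"value": "Succeeded"}},
]

if __name__ == "__main__":
    for finding in find_stop_logging(SAMPLE):
        print(finding)
```

Matching on the lower-cased operation name and normalising the resource ID keeps the two record shapes comparable, so a single alert rule or allow-list of expected callers can cover both feeds.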