google.logging.v2.ConfigServiceV2.DeleteLog
Event
Deletes log entries from Cloud Logging, destroying forensic evidence of attacker activity.
Security Context
- Deleting logs permanently removes audit records that document API calls, authentication events, and resource changes — eliminating the primary forensic evidence trail in GCP.
- Adversaries delete logs to destroy evidence of their activity, making incident investigation and scope assessment significantly more difficult for defenders.
Log Source
Cloud Audit Logs
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion
Techniques:
- T1070.002 — Clear Linux or Mac System Logs — Adversaries may clear system logs to hide evidence of an intrusion. macOS and Linux both keep track of system or user-initiated actions via system logs.
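
Added example, not part of the original entry: a triage filter that pulls DeleteLog calls out of exported Cloud Audit Logs lines and reports who called it, from where, against which log, and whether the call succeeded. The helper names, project, principals, IPs and log names are constructed for illustration; the entry layout assumes the standard Cloud Audit Logs protoPayload fields.

```python
import json

SERVICE = "logging.googleapis.com"
METHOD_SUFFIX = ".DeleteLog"  # final segment of the method name this entry covers

def _entry(ts, method, principal, ip, resource, code=None):
    """Build one constructed audit entry (every value here is made up)."""
    return json.dumps({
        "timestamp": ts,
        "protoPayload": {
            "serviceName": SERVICE, "methodName": method,
            "authenticationInfo": {"principalEmail": principal},
            "requestMetadata": {"callerIp": ip},
            "resourceName": resource,
            "status": {} if code is None else {"code": code},
        },
    })

SAMPLE_LINES = [  # constructed newline-delimited export, including one broken line
    _entry("2024-01-01T10:00:00Z", "google.logging.v2.ConfigServiceV2.DeleteLog",
           "svc-build@example-project.iam.gserviceaccount.com", "203.0.113.10",
           "projects/example-project/logs/app-debug"),
    _entry("2024-01-01T10:00:05Z", "google.logging.v2.ConfigServiceV2.DeleteLog",
           "intern@example.com", "198.51.100.7",
           "projects/example-project/logs/app-debug", code=7),
    _entry("2024-01-01T10:01:00Z", "google.logging.v2.ConfigServiceV2.ListSinks",
           "intern@example.com", "198.51.100.7", "projects/example-project"),
    "{truncated line",
]

def find_log_deletions(lines):
    """Return one finding per DeleteLog call, skipping unparsable lines."""
    findings = []
    for line in lines:
        try:
            payload = json.loads(line).get("protoPayload") or {}
        except json.JSONDecodeError:
            continue
        if (payload.get("serviceName") != SERVICE
                or not payload.get("methodName", "").endswith(METHOD_SUFFIX)):
            continue
        code = (payload.get("status") or {}).get("code", 0)
        findings.append({
            "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "caller_ip": payload.get("requestMetadata", {}).get("callerIp"),
            "target": payload.get("resourceName"),
            # google.rpc status code 0 (or an empty status) means the call succeeded
            "outcome": "deleted" if code == 0 else f"failed(code={code})",
        })
    return findings
```

Failed attempts are kept in the findings because a denied DeleteLog call still shows a principal trying to remove logs.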