
google.logging.v2.ConfigServiceV2.UpdateExclusion

CSP: GCP
Techniques:

Event

Modifies a logging exclusion filter to silently drop specific log entries, hiding ongoing attacker activity.

Security Context

  • Logging exclusion filters silently discard matching log entries before they reach storage or downstream sinks, making the excluded activity completely invisible to security monitoring and forensic analysis.
  • Adversaries modify exclusion filters to suppress logs for specific API calls, service accounts, or resource types used in their attack, ensuring their ongoing activity generates no audit trail.
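One way to triage this event, as an added example that is not part of the original page: the Python below scans exported Cloud Audit Logs entries (one JSON object per line) for `UpdateExclusion` calls and raises the priority when the new filter text targets audit data or identities. The sample entries are constructed, and the `request.exclusion.filter` layout, the `RISKY_TERMS` list and the `find_exclusion_updates` name are assumptions made for illustration.

```python
import json

METHOD = "google.logging.v2.ConfigServiceV2.UpdateExclusion"
# Heuristic markers (assumption): filter text that targets audit data or identities.
RISKY_TERMS = ("cloudaudit.googleapis.com", "protoPayload", "principalEmail", "serviceAccount")

# Constructed sample entries shaped like Cloud Audit Logs records (all values made up).
SAMPLE_LOG = r'''
{"timestamp":"2024-01-01T10:00:00Z","protoPayload":{"methodName":"google.logging.v2.ConfigServiceV2.UpdateExclusion","authenticationInfo":{"principalEmail":"dev@example.com"},"resourceName":"projects/example-project/exclusions/noisy-lb","request":{"exclusion":{"filter":"resource.type=\"http_load_balancer\" AND severity<=INFO"},"updateMask":"filter"}}}
{"timestamp":"2024-01-01T10:05:00Z","protoPayload":{"methodName":"google.logging.v2.ConfigServiceV2.UpdateExclusion","authenticationInfo":{"principalEmail":"svc-batch@example-project.iam.gserviceaccount.com"},"resourceName":"projects/example-project/exclusions/noisy-lb","request":{"exclusion":{"filter":"protoPayload.authenticationInfo.principalEmail=\"svc-batch@example-project.iam.gserviceaccount.com\""},"updateMask":"filter"}}}
{"timestamp":"2024-01-01T10:07:00Z","protoPayload":{"methodName":"google.logging.v2.ConfigServiceV2.CreateSink","authenticationInfo":{"principalEmail":"dev@example.com"}}}
this line is not JSON
'''

def find_exclusion_updates(lines):
    """Return one finding per UpdateExclusion entry, with a triage priority."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        payload = entry.get("protoPayload") or {}
        if payload.get("methodName") != METHOD:
            continue
        request = payload.get("request") or {}
        new_filter = (request.get("exclusion") or {}).get("filter", "")
        # Case-insensitive substring match against the heuristic markers.
        hits = [t for t in RISKY_TERMS if t.lower() in new_filter.lower()]
        findings.append({
            "time": entry.get("timestamp"),
            "principal": (payload.get("authenticationInfo") or {}).get("principalEmail"),
            "exclusion": payload.get("resourceName"),
            "new_filter": new_filter,
            "matched_terms": hits,
            "priority": "high" if hits else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_exclusion_updates(SAMPLE_LOG.splitlines()):
        print(json.dumps(finding, indent=2))
```

Every `UpdateExclusion` call is reported, since any change to what gets dropped deserves a look; the term match only orders the queue.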

Log Source

Cloud Audit Logs

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion

Techniques:
  • T1562.008 — Disable or Modify Cloud Logs — An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within t...