logging.sinks.update
Event
Modifies a Cloud Logging sink’s configuration, such as its destination or log filter criteria.
Security Context
- Deleting or modifying audit logs destroys forensic evidence and prevents security teams from reconstructing the attack timeline.
Log Source
Cloud Audit Logs
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion
Techniques:
- T1562.008 — Disable or Modify Cloud Logs — An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within t...