AWS DeleteEventDataStore
Deletes a CloudTrail Lake event data store, destroying stored forensic evidence and audit logs.
T1562.008: Disable or Modify Cloud Logs
T1562.008: Disable or Modify Cloud Logs
An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within t...
View on MITRE ATT&CK →AWS DeleteLogGroup
Permanently deletes a CloudWatch Logs log group and all its log streams and stored data.
AWS DeleteLogStream
Permanently deletes a log stream and all its events from within a CloudWatch Logs log group.
AWS DeleteTrail
Permanently deletes a CloudTrail trail, stopping API activity logging for that trail configuration.
GCP google.logging.v2.ConfigServiceV2.UpdateExclusion
Modifies a logging exclusion filter to silently drop specific log entries, hiding ongoing attacker activity.
GCP logging.sinks.delete
Deletes a Cloud Logging sink that was routing log entries to a destination such as Cloud Storage or BigQuery.
GCP logging.sinks.update
Modifies a Cloud Logging sink's configuration, such as its destination or log filter criteria.
Azure Microsoft.OperationalInsights/workspaces/delete
Permanently deletes a Log Analytics workspace and its stored data.
Azure Microsoft.Storage/storageAccounts/stopLogging/action
Stops logging for an Azure Storage account, disabling the collection of storage analytics logs.
AWS PutEventSelectors
Configures which API events (management or data, read/write) a CloudTrail trail records.
AWS StopLogging
Stops logging API activity for a CloudTrail trail, disabling audit log collection for that trail.
AWS UpdateTrail
Modifies the configuration of an existing CloudTrail trail, such as its S3 bucket, log validation, or multi-region settings.