1. Home
  2. ATT&CK Techniques
  3. T1562.008 Disable Cloud Logs

T1562.008 Disable Cloud Logs Mappings

An adversary may disable cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection.

Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within the environment. If an attacker has sufficient permissions, they can disable logging to avoid detection of their activities. For example, in AWS an adversary may disable CloudWatch/CloudTrail integrations prior to conducting further malicious activity.(Citation: Following the CloudTrail: Generating strong AWS security signals with Sumo Logic)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1562.008 Disable Cloud Logs
AC-3 Access Enforcement Protects T1562.008 Disable Cloud Logs
AC-5 Separation of Duties Protects T1562.008 Disable Cloud Logs
AC-6 Least Privilege Protects T1562.008 Disable Cloud Logs
CM-5 Access Restrictions for Change Protects T1562.008 Disable Cloud Logs
IA-2 Identification and Authentication (organizational Users) Protects T1562.008 Disable Cloud Logs
action.malware.variety.Disable controls Disable or interfere with security controls related-to T1562.008 Impair Defenses: Disable Cloud Logs
aws_config AWS Config technique_scores T1562.008 Disable Cloud Logs
amazon_guardduty Amazon GuardDuty technique_scores T1562.008 Disable Cloud Logs
aws_iot_device_defender AWS IoT Device Defender technique_scores T1562.008 Disable Cloud Logs
aws_iot_device_defender AWS IoT Device Defender technique_scores T1562.008 Disable Cloud Logs
aws_security_hub AWS Security Hub technique_scores T1562.008 Disable Cloud Logs