Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
ID: 1ce5d9cb-b065-5b5c-ad42-069fb33ba943
STIX ID: report--1ce5d9cb-b065-5b5c-ad42-069fb33ba943
Feed Name: Palo Alto Networks Unit 42
Threat Score
**Executive Summary:** This report analyzes attack techniques against cloud logging services (AWS CloudTrail and Google Cloud Logging), describing how adversaries can stop or redirect logs, delete storage or routers, tamper with encryption keys, and poison log files to evade detection or maintain continuous visibility, and it provides risk assessments and mitigations for defenders.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
