MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Defense Evasion/ T1685.002

T1685.002Disable or Modify Cloud Log

T1685.002 — Disable or Modify Cloud Log is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 19 detection use cases covering it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

19Use cases

0Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1685 · Disable or Modify Tools

Use cases covering this technique (19)

ASL AWS Defense Evasion Delete Cloudtrail ESCU actions · alerting P ASL AWS Defense Evasion Delete CloudWatch Log Group ESCU actions · alerting P ASL AWS Defense Evasion Impair Security Services ESCU actions · hunting P ASL AWS Defense Evasion PutBucketLifecycle ESCU actions · hunting P ASL AWS Defense Evasion Stop Logging Cloudtrail ESCU actions · alerting P ASL AWS Defense Evasion Update Cloudtrail ESCU actions · alerting P AWS Bedrock Delete GuardRails ESCU actions · alerting P AWS Bedrock Delete Model Invocation Logging Configuration ESCU actions · alerting P AWS Defense Evasion Delete Cloudtrail ESCU actions · alerting P AWS Defense Evasion Delete CloudWatch Log Group ESCU actions · alerting P AWS Defense Evasion Impair Security Services ESCU actions · alerting P AWS Defense Evasion PutBucketLifecycle ESCU actions · hunting P AWS Defense Evasion Stop Logging Cloudtrail ESCU actions · alerting P AWS Defense Evasion Update Cloudtrail ESCU actions · alerting P GitHub Enterprise Disable Audit Log Event Stream ESCU actions · hunting P GitHub Enterprise Modify Audit Log Event Stream ESCU actions · hunting P GitHub Enterprise Pause Audit Log Event Stream ESCU actions · hunting P O365 Advanced Audit Disabled ESCU actions · alerting P O365 Email Security Feature Changed ESCU actions · alerting P