Home/ MITRE Matrix/ Defense Evasion/ T1685.004

T1685.004Disable or Modify Linux Audit System Log

T1685.004 — Disable or Modify Linux Audit System Log is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 3 detection use cases covering it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

0Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1685 · Disable or Modify Tools

Use cases covering this technique (3)

Linux Auditd Auditd Daemon Abort ESCU actions · hunting P Linux Auditd Auditd Daemon Shutdown ESCU actions · hunting P Linux Auditd Auditd Daemon Start ESCU actions · hunting P