CAPEC 268 Audit Log Manipulation

Draft Standard Unknown Risk

Description

The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.

Consequences

Relationships

Related ATT&CK Techniques

T1070

Indicator Removal

Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts …

T1562.002

Disable Windows Event Logging

Adversaries may disable Windows event logging to limit data that can be leveraged for detections and audits. Windows event logs …

T1562.003

Impair Command History Logging

Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interpreters keep track …

T1562.008

Disable or Modify Cloud Logs

An adversary may disable or modify cloud logging capabilities and integrations to limit what data is collected on their activities …

CAPEC 268 Audit Log Manipulation

Description

Consequences

Consequence Information

Relationships

Parent CAPECs

Child CAPECs

Related ATT&CK Techniques

Indicator Removal

Disable Windows Event Logging

Impair Command History Logging

Disable or Modify Cloud Logs

Resources Required

CAPEC 268 Audit Log Manipulation

Description

Consequences

Consequence Information

Relationships

Parent CAPECs

Child CAPECs

Related ATT&CK Techniques

Indicator Removal

Disable Windows Event Logging

Impair Command History Logging

Disable or Modify Cloud Logs

Resources Required

Iscriviti alla newsletter