Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
Update trail's configuration, which controls what events are being logged, and how to handle log files.
Attacker's Goals
An attacker may change the configuration of the affected resource to remain undetected.
Investigative actions
- Check the identity which updated the trail's configuration.
- Check which resource is affected by this change.
- Check if there is a new destination for logs archiving.