Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An AWS CloudWatch log group was deleted, this action permanently deletes all the archives associated with this group.
Attacker's Goals
An attacker may change the configuration of the affected resource to remain undetected.
Investigative actions
- Check why the identity deleted the log group.
- Check what resources were affected by this change.