Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An AWS CloudWatch log stream was deleted, this action permanently deletes all the archives associated with this stream.
Attacker's Goals
An attacker may change the configuration of the affected resource to remain undetected.
Investigative actions
- Check why the identity deleted the log stream.
- Check which resource is affected by this change.