Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 3 Hours |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A GCP logging sink entity was modified. Logs that match the logging sink rule will not arrive at their destination. An attacker might use this technique to evade detection.
Attacker's Goals
Evade detection.
Investigative actions
- Check which logs were affected by the modification.
- Check the cloud identity's activity before and after the entity modification.
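
An added example (not part of the original detector documentation) of the two investigative actions above, run over constructed Admin Activity audit entries: it pulls the sink's new filter and exclusions from each UpdateSink/DeleteSink call, then lists the same principal's other calls within an hour either side. The trimmed entry layout, the helper names and all sample values are assumptions.

```python
from datetime import datetime, timedelta

# Admin Activity audit-log method names for Cloud Logging sink changes.
PFX = "google.logging.v2.ConfigServiceV2."
SINK_METHODS = {PFX + "UpdateSink", PFX + "DeleteSink"}

def entry(ts, who, method, resource, request=None):
    """Build a constructed audit entry, trimmed to the fields used below."""
    return {"timestamp": ts, "protoPayload": {
        "authenticationInfo": {"principalEmail": who}, "methodName": method,
        "resourceName": resource, "request": request or {}}}

# Constructed sample entries (not real logs); all names are placeholders.
ALICE, BOB = "alice@example.com", "bob@example.com"
SAMPLE = [
    entry("2024-01-10T09:02:11Z", ALICE, "SetIamPolicy", "projects/example-proj"),
    entry("2024-01-10T09:15:40Z", ALICE, PFX + "UpdateSink",
          "projects/example-proj/sinks/siem-export",
          {"sink": {"filter": 'logName:"cloudaudit.googleapis.com"',
                    "exclusions": [{"name": "drop-data-access",
                                    "filter": 'logName:"data_access"'}]}}),
    entry("2024-01-10T09:20:03Z", ALICE, "google.iam.admin.v1.CreateServiceAccountKey",
          "projects/-/serviceAccounts/placeholder"),
    entry("2024-01-10T09:21:00Z", BOB, "SetIamPolicy", "projects/example-proj"),
    entry("2024-01-10T13:00:00Z", ALICE, "SetIamPolicy", "projects/example-proj"),
]

def when(e):
    return datetime.fromisoformat(e["timestamp"].replace("Z", "+00:00"))

def sink_changes(entries):
    """One record per sink modification: who, which sink, the new routing rule."""
    out = []
    for e in entries:
        p = e["protoPayload"]
        if p["methodName"] in SINK_METHODS:
            sink = p["request"].get("sink", {})
            out.append({"time": when(e), "sink": p["resourceName"],
                        "principal": p["authenticationInfo"]["principalEmail"],
                        "filter": sink.get("filter"),
                        "exclusions": [x["filter"] for x in sink.get("exclusions", [])]})
    return out

def activity_around(entries, change, window=timedelta(hours=1)):
    """Other calls by the same principal within `window` of the change."""
    return [p["methodName"] for e in entries for p in [e["protoPayload"]]
            if p["authenticationInfo"]["principalEmail"] == change["principal"]
            and p["methodName"] not in SINK_METHODS
            and abs(when(e) - change["time"]) <= window]
```

Comparing the reported filter and exclusions against the sink's previous configuration shows which logs stopped reaching the destination.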