Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A Soft Delete configuration was disabled on a cloud storage account.
Soft delete allows a deletion of a blob or a container to be restored.
Disabling it will impair the ability of the cloud environment to recover in disaster scenarios.
Attacker's Goals
Impair the ability of the cloud environment to recover in disaster scenarios.
Investigative actions
- Check if the identity intended to disable soft delete for this storage account.
- Check if the identity performed additional malicious operations in the cloud environment.