Identifies AWS API calls that attempt to reduce logging or visibility in an account by stopping logging, deleting trails, deleting flow logs, or deleting event buses. This behavior can indicate defense evasion or the deliberate suppression of telemetry used to monitor security posture.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Amazon Web Services |
| ID | 093fe75e-44f1-4d3e-94dc-6d258a6dd2d2 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion |
| Techniques | T1562.008 |
| Required Connectors | AWS, AWSS3 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | EventName in "DeleteEventBus,DeleteFlowLogs,DeleteTrail,StopLogging,UpdateTrail" | ✓ | ✓ | ✓ |