![]() ![]() ![]() Identifies suspending the recording of AWS API calls and log file delivery for the specified trail. An adversary may delete trails in an attempt to evade defenses. Identifies the deletion of an AWS log trail. Identifies the creation of an AWS log trail that specifies the settings for delivery of log data. Some changes such as disabling or enabling a scheduled task are common and may may generate noise.Īn adversary may attempt to access the secrets in secrets manager to steal certificates, credentials, or other sensitive material Adversaries can use these to establish persistence, by changing the configuration of a legit scheduled task. Indicates the update of a scheduled task using Windows event logs. Adversaries can use these to establish persistence, move laterally, and/or escalate privileges. Indicates the creation of a scheduled task using Windows event logs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |