Evidence hidden by deleting system log file

Goal

Detect the removal of system log files in order to hide evidence of malicious activity.

Strategy

Monitor the file system for the deletion of specific system logs such as /var/log/syslog.

Requires Agent version 7.27 or later.
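
The strategy above can be sketched as a filter over file-deletion events. This is an added example, not the rule's own logic or the Agent's code; the event schema, the watched paths other than /var/log/syslog, and the log-rotation exclusion are assumptions made for illustration.

```python
import json
import posixpath

# Assumption: only /var/log/syslog is named on the page; the other two
# paths are common Linux system logs added for illustration.
WATCHED_LOGS = {"/var/log/syslog", "/var/log/auth.log", "/var/log/messages"}

# Assumption: executables that remove logs as part of normal rotation.
ROTATION_EXES = {"/usr/sbin/logrotate"}

# Constructed sample events in a hypothetical schema, one JSON object per line.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T10:00:01Z", "op": "unlink", "cwd": "/", "path": "/var/log/syslog", "exe": "/usr/bin/rm", "user": "root"}
{"ts": "2024-05-01T10:00:02Z", "op": "unlink", "cwd": "/var/log", "path": "./auth.log", "exe": "/usr/bin/rm", "user": "root"}
{"ts": "2024-05-01T10:00:03Z", "op": "unlink", "cwd": "/", "path": "/var/log/syslog", "exe": "/usr/sbin/logrotate", "user": "root"}
{"ts": "2024-05-01T10:00:04Z", "op": "open", "cwd": "/", "path": "/var/log/syslog", "exe": "/usr/sbin/rsyslogd", "user": "syslog"}
{"ts": "2024-05-01T10:00:05Z", "op": "unlink", "cwd": "/tmp", "path": "/var/log/../log/messages", "exe": "/usr/bin/python3", "user": "www-data"}
{"ts": "2024-05-01T10:00:06Z", "op": "unlink", "cwd": "/tmp", "path": "/tmp/syslog", "exe": "/usr/bin/rm", "user": "www-data"}
"""


def resolve(cwd, path):
    """Make the path absolute and collapse '.' and '..' lexically.

    Symlinks are not resolved here; a real sensor reports the resolved path.
    """
    return posixpath.normpath(posixpath.join(cwd, path))


def detect_log_deletions(raw_events):
    """Return one alert per deletion of a watched log by a non-rotation process."""
    alerts = []
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("op") != "unlink":
            continue  # only deletions are in scope for this rule
        target = resolve(event.get("cwd", "/"), event["path"])
        if target not in WATCHED_LOGS:
            continue
        if event.get("exe") in ROTATION_EXES:
            continue  # expected rotation, not evidence removal
        alerts.append({"ts": event["ts"], "path": target,
                       "exe": event["exe"], "user": event.get("user")})
    return alerts


if __name__ == "__main__":
    for alert in detect_log_deletions(SAMPLE_EVENTS):
        print(alert)
```

Matching on the normalized path rather than the raw string is what catches the relative and `..` forms in the sample events.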