AWS CloudWatch log group deleted

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.


Detect when a CloudWatch Log Group is deleted.


Detect a successful event.

Triage and response

  1. Ensure that the {{@requestParameters.logGroupName}} log group is not used for auditing or security purposes.
  2. If it is then:
    • Ensure that the user: {{@userIdentity.session_name}} should be making this API call to your {{env}} environment.
    • Consider adding to the allowlist the log group name: {{@requestParameters.logGroupName}} through a suppression list.
  3. If not, begin your company’s IR process and investigate.


11 October 2022 - updated severity.