Clear container logs

Info

ID: MS-TA9021
Tactic: Defense Evasion
MITRE technique: T1070

Attackers may delete the application or OS logs on a compromised container in an attempt to prevent detection of their activity.

Mitigations

| ID | Mitigation | Description |
|----|------------|-------------|
| MS-M9020 | Collect Logs to Remote Data Storage | Collect container logs to a separate storage system. |
| MS-M9016 | Restrict File and Directory Permissions | Restrict access to container logs. |
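
Once logs are collected remotely (MS-M9020), the collector's own bookkeeping can also reveal clearing on the node. The following is an added example, not part of the original page or of any specific log shipper: it compares each log file with the last (inode, shipped offset) checkpoint and reports files that shrank, vanished, or were swapped. The `Checkpoint` structure, function names, and file names are assumptions made for illustration.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass
class Checkpoint:          # hypothetical record a log shipper keeps per file
    inode: int
    offset: int            # bytes already sent to remote storage

def checkpoint(path):
    st = os.stat(path)
    return Checkpoint(st.st_ino, st.st_size)

def classify(path, cp):
    """Compare a log file with the checkpoint taken when it was last shipped."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "deleted"
    if st.st_ino != cp.inode:
        return "replaced"   # also seen on legitimate rotation by rename
    if st.st_size < cp.offset:
        return "truncated"  # same file, now smaller than what was shipped
    return "ok"

def scan(checkpoints):
    """Return {path: status} for every file whose status is not 'ok'."""
    findings = {}
    for path, cp in checkpoints.items():
        status = classify(path, cp)
        if status != "ok":
            findings[path] = status
    return findings

def demo():
    """Constructed scenario in a temp dir; no real container logs are read."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n + ".log") for n in ("app", "web", "db", "job")}
        for p in paths.values():
            with open(p, "w") as f:
                f.write("line\n" * 100)
        cps = {p: checkpoint(p) for p in paths.values()}
        with open(paths["app"], "a") as f:
            f.write("more\n")                          # normal growth
        os.truncate(paths["web"], 0)                   # cleared in place
        os.remove(paths["db"])                         # removed outright
        os.rename(paths["job"], paths["job"] + ".1")   # rotated by rename
        open(paths["job"], "w").close()
        return {os.path.basename(p): s for p, s in scan(cps).items()}

if __name__ == "__main__":
    print(demo())
```

A "replaced" result needs correlating with the node's rotation schedule before it is treated as suspicious; "truncated" and "deleted" on a file that is still being written are the stronger signals.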