Skip to content

Disable audit logs


ID: MS-T810
Tactic: Defense Evasion
MITRE technique: T1562.008

Attackers may disable storage account audit logs to prevent event tracking and avoid detection. Audit logs provide a detailed record of operations performed on a target storage account and may be used to detect malicious activities. Thus, disabling these logs can leave a resource vulnerable to attacks without being detected.