Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An adversary prevents host-generated logs from being delivered to a central location in an attempt to hide indicators of compromise.
In the case of network-based reporting of indicators, an adversary may block traffic associated with reporting to prevent central station analysis. This may be accomplished by many means, ranging from stopping a local process to creating a host-based firewall rule that blocks traffic to a specific server.
In the case of local-based reporting of indicators, an adversary may block delivery of the locally generated log files themselves to the central repository.
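Both cases above look the same from the central repository: a host that used to report goes quiet. The following is an added detection example, not part of the CAPEC entry; the function name, the thresholds, the independent "network_seen" source and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

def find_silent_hosts(log_events, network_seen, now, factor=5,
                      floor=timedelta(minutes=10)):
    """Flag hosts whose log flow to the central repository has stopped.

    log_events:   iterable of (host, receipt time at the collector).
    network_seen: {host: last sighting} from an independent source
                  (assumed here: flow or DHCP records).
    A host is flagged once its silence exceeds
    max(floor, factor * median gap between its earlier events).
    """
    by_host = {}
    for host, ts in log_events:
        by_host.setdefault(host, []).append(ts)

    findings = {}
    for host, times in by_host.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        threshold = max(floor, factor * median(gaps)) if gaps else floor
        if now - times[-1] <= threshold:
            continue  # still reporting at its usual cadence
        alive = network_seen.get(host)
        # Seen on the network well after its last log: the host is up,
        # so delivery is blocked or the reporting process was stopped.
        if alive is not None and alive > times[-1] + threshold:
            findings[host] = "silent-but-active"
        else:
            findings[host] = "silent-possibly-offline"
    return findings

# Constructed sample data: receipt times at the collector.
T0 = datetime(2024, 1, 1, 12, 0)
def at(m): return T0 + timedelta(minutes=m)
SAMPLE_EVENTS = (
    [("web01", at(m)) for m in range(0, 60, 5)]    # keeps logging
    + [("db01", at(m)) for m in range(0, 30)]      # last log 12:29
    + [("app02", at(m)) for m in range(0, 20, 2)]  # last log 12:18
)
SAMPLE_NETWORK_SEEN = {"web01": at(59), "db01": at(58), "app02": at(19)}

if __name__ == "__main__":
    for host, verdict in find_silent_hosts(
            SAMPLE_EVENTS, SAMPLE_NETWORK_SEEN, now=at(60)).items():
        print(host, verdict)
```

A "silent-but-active" verdict is the one to triage first, since the host is demonstrably running while its logs are not arriving.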
This table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
This table shows the views that this attack pattern belongs to and top level categories within that view.