catalog logoThe IAM Privilege Catalog

risks / Logs destruction

Description

Allows an attacker to delete logs data. The most critical effect is that this disrupts security incident response. Can also disrupt support and business-intelligence operations.

Risk: EVASION

This risk allows an attacker to evade detection, allowing the attacker to exploit additional risks without detection, and prevent exploit remediation.

Mitigations

  1. Backup logs

Links

    (No links for this risk)

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

cloudsql.databases.delete
cloudsql.instances.restoreBackup
cloudsql.instances.truncateLog
cloudsql.users.create
cloudsql.users.update
compute.instances.delete
compute.instances.osAdminLogin
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setScheduling
container.daemonSets.delete
container.deployments.delete
container.jobs.delete
container.namespaces.delete
container.nodes.delete
container.pods.delete
container.replicaSets.delete
container.statefulSets.delete
datastore.operations.delete
firebaserules.rulesets.delete
logging.buckets.delete
logging.logs.delete
logging.settings.update
resourcemanager.projects.delete

© 2023–present P0 Security and contributors to the IAM Privilege Catalog