Log Tampering

low

log-tampering

Attacker modifies or deletes logs to hide malicious activity

RepudiationTampering

MITRE ATT&CK techniques

ID	Name	Tactic
T1070	Indicator Removal	Defense Evasion

Common Weakness Enumeration

Mitigating controls

ctrl-log-1: Implement write-once log storage
ctrl-log-2: Ship logs to secure centralized storage
ctrl-log-3: Implement log integrity monitoring
ctrl-log-4: Restrict log deletion permissions
ctrl-log-5: Enable object lock or legal hold on log storage for compliance retention periods

References

https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html