Insider Threat Matrix™Insider Threat Matrix™
  • ID: AF002.004
  • Created: 06th July 2026
  • Updated: 06th July 2026
  • Platforms: Oracle Cloud Infrastructure (OCI)Google Cloud Platform (GCP)Amazon Web Services (AWS)Microsoft Azure
  • MITRE ATT&CK®: T1685T1685.002
  • Contributor: The ITM Team

Clear Cloud Logs

A subject deletes, disables, suppresses, or materially alters cloud logging to eliminate records of their activity or reduce investigative visibility. This may include audit logs, sign-in logs, administrative activity logs, mailbox audit records, storage access logs, network flow logs, or service-level application logs within cloud, identity provider, office suite, infrastructure-as-a-service, or software-as-a-service environments.

 

Cloud log deletion or suppression may be performed through administrative consoles, command-line tools, application programming interfaces, policy changes, logging configuration changes, retention changes, license changes, or removal of log forwarding integrations. The subject may target specific users, services, regions, tenants, workloads, or time periods to prevent later reconstruction of activity.