You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Detects creation, modification, or deletion of Cloud Logging sinks. Attackers may manipulate logging sinks to redirect, suppress, or delete audit trail data, effectively blinding security monitoring. This is a classic defense evasion technique.
Next Steps:
1. Verify if the sink change was authorized by the logging/SECOPS team
2. For deletions: check if the sink was forwarding to a security tool (SIEM, SOAR)
3. For creations: verify the destination is a legitimate logging backend
4. For updates: compare the old and new sink configurations
5. Restore any deleted security-relevant sinks immediately
6. Review Cloud Audit logs for other logging configuration changes