Audit Log Manipulation Scenario
Learn about the Audit Log Manipulation scenario in the Audit Tampering use case.
The Audit Log Manipulation scenario describes when someone with elevated access or a deep understanding of organizational security and infrastructure tampers with audit logs to keep their malicious activity from being detected. This tampering may be difficult to detect because the people responsible have legitimate access as part of their jobs. Some signs that someone is tampering with audit logs include a change in their audit log activity, like accessing an audit log for the first time, or more alarming actions, like deleting or clearing an audit log, which may indicate they're abusing their access and destroying incriminating evidence.
In the Threat Detection, Investigation, and Response (TDIR) Use Case Categories hierarchy, the Audit Log Manipulation scenario falls under the Audit Tampering use case.
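The two signs described above (a user's first access to an audit log, and a clear or delete action) can be expressed as a small baseline-then-score check. The following Python example is added here for illustration and is not part of the original page or any product's rule set; the event fields, action names, log names and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (time, user, action, audit log); field names,
# action names and log names are assumptions made for this example.
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "read", "security"),
    ("2024-05-02T09:10:00", "alice", "read", "security"),
    ("2024-05-03T11:00:00", "bob", "read", "application"),
    ("2024-05-10T08:30:00", "alice", "read", "security"),
    ("2024-05-10T22:15:00", "bob", "read", "security"),
    ("2024-05-10T22:40:00", "bob", "clear", "security"),
    ("2024-05-11T07:00:00", "carol", "read", "application"),
]
BASELINE_END = "2024-05-08T00:00:00"  # earlier events only build history
DESTRUCTIVE = {"clear", "delete"}


def detect(events, baseline_end):
    """Return (time, user, log, severity, reason) for events after the baseline."""
    seen = defaultdict(set)  # user -> audit logs that user has touched before
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ts, user, action, log in sorted(events):
        first_time = log not in seen[user]
        seen[user].add(log)
        if ts < baseline_end:
            continue  # baseline period: learn normal behaviour, raise nothing
        if action in DESTRUCTIVE:
            # Clearing or deleting is flagged even for users who read the log daily.
            findings.append((ts, user, log, "high", "audit log cleared or deleted"))
        elif first_time:
            # Also fires for users with no history at all (carol): triage needed.
            findings.append((ts, user, log, "medium", "first access to this audit log"))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS, BASELINE_END):
        print(*finding, sep="  ")
```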