Delete DNS query logs
Platform: AWS
MITRE ATT&CK Tactics
- Defense Evasion
Description
Deletes a Route53 DNS Resolver query logging configuration. Simulates an attacker disrupting DNS logging.
Warm-up:
- Create a DNS logging configuration.
Detonation:
- Delete the DNS logging configuration using route53:DeleteQueryLoggingConfig.
Instructions
Detection
Identify when a DNS logging configuration is deleted, through CloudTrail's DeleteQueryLoggingConfig event.
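One way to run this detection over exported CloudTrail records, as an added example that is not part of the original page. The function name and the sample records are constructed for illustration. Besides the DeleteQueryLoggingConfig event named above, it also matches DeleteResolverQueryLogConfig from route53resolver.amazonaws.com, the Route 53 Resolver API operation, which the page does not mention.

```python
import json

# (eventSource, eventName) pairs that mean "DNS query logging was removed".
# DeleteQueryLoggingConfig is the name given on this page; DeleteResolverQueryLogConfig
# is the Route 53 Resolver API operation, added here and not taken from the page.
WATCHED = {
    ("route53.amazonaws.com", "DeleteQueryLoggingConfig"),
    ("route53resolver.amazonaws.com", "DeleteResolverQueryLogConfig"),
}

# Constructed CloudTrail records: account ID, ARNs, IPs and config IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "route53resolver.amazonaws.com",
     "eventName": "DeleteResolverQueryLogConfig", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"resolverQueryLogConfigId": "rqlc-EXAMPLE"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "route53.amazonaws.com",
     "eventName": "DeleteQueryLoggingConfig", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"id": "EXAMPLE-ID"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "route53resolver.amazonaws.com",
     "eventName": "ListResolverQueryLogConfigs", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}},
]})


def find_dns_logging_deletions(cloudtrail_json):
    """Return one finding per watched event, keeping failed attempts too."""
    findings = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) not in WATCHED:
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "region": rec.get("awsRegion"),
            "target": rec.get("requestParameters"),
            # CloudTrail sets errorCode only when the call failed (e.g. AccessDenied).
            "succeeded": "errorCode" not in rec,
        })
    return findings


if __name__ == "__main__":
    for finding in find_dns_logging_deletions(SAMPLE_LOG):
        print(json.dumps(finding))
```

Denied attempts are kept in the output with `succeeded` set to false, since a blocked deletion of a logging configuration is still worth triaging.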