Linux Logs Clearing Attempts (80915f59-9b56-4616-9de0-fd0dea6c12fe)

Detects log-clearing attempts on Linux systems via utilities such as 'rm', 'rmdir', 'shred', and 'unlink' targeting log files and directories. Adversaries often try to clear logs to cover their tracks after performing malicious activities.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Linux Logs Clearing Attempts (80915f59-9b56-4616-9de0-fd0dea6c12fe) | Sigma-Rules | Clear Linux or Mac System Logs - T1685.006 (5e29d64d-2b14-4f92-875e-4c9c498e213c) | Attack Pattern | 1 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Clear Linux or Mac System Logs - T1685.006 (5e29d64d-2b14-4f92-875e-4c9c498e213c) | Attack Pattern | 2 |