{
	"id": "0d6a9d82-b5bd-46a3-949c-adf15e80471b",
	"created_at": "2026-04-06T02:10:45.088142Z",
	"updated_at": "2026-04-10T03:19:55.622161Z",
	"deleted_at": null,
	"sha1_hash": "78957f1afd99e204f7a50775558536e72273f3a1",
	"title": "CAPEC-571: Block Logging to Central Repository (Version 3.9)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42822,
	"plain_text": "CAPEC-571: Block Logging to Central Repository (Version 3.9)\r\nArchived: 2026-04-06 01:37:51 UTC\r\nAttack Pattern ID: 571\r\nAbstraction: Standard\r\n Description\r\nAn adversary prevents host-generated logs being delivered to a central location in an attempt to hide indicators of\r\ncompromise.\r\n Extended Description\r\nIn the case of network based reporting of indicators, an adversary may block traffic associated with reporting to prevent\r\ncentral station analysis. This may be accomplished by many means such as stopping a local process to creating a host-based\r\nfirewall rule to block traffic to a specific server.\r\nIn the case of local based reporting of indicators, an adversary may block delivery of locally-generated log files themselves\r\nto the central repository.\r\n Typical Severity\r\nLow\r\n Relationships\r\nThis table shows the other attack patterns and high level categories that are related to this attack pattern. These\r\nrelationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels\r\nof abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack\r\npatterns that the user may want to explore.\r\nNature Type\r\nChildOf Meta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or techniqu\r\nThis table shows the views that this attack pattern belongs to and top level categories within that view.\r\nView Name Top Level Categories\r\nDomains of Attack Software, Communications\r\nMechanisms of Attack Manipulate System Resources\r\n Taxonomy Mappings\r\nCAPEC mappings to ATT\u0026CK techniques leverage an inheritance model to streamline and minimize direct\r\nCAPEC/ATT\u0026CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant\r\nATT\u0026CK mappings. Note that the ATT\u0026CK Enterprise Framework does not use an inheritance model as part of the\r\nmapping to CAPEC.\r\nRelevant to the ATT\u0026CK taxonomy mapping\r\nEntry ID Entry Name\r\n1562.002 Impair Defenses: Disable Windows Event Logging\r\n1562.002 Impair Defenses: Impair Command History Logging\r\n1562.006 Impair Defenses: Indicator Blocking\r\n1562.008 Impair Defenses: Disable Cloud Logs\r\n Content History\r\nhttps://capec.mitre.org/data/definitions/571.html\r\nPage 1 of 2\n\nSubmissions\r\nSubmission Date Submitter Organization\r\n2015-11-09\r\n(Version 2.7)\r\nCAPEC Content Team The MITRE Corporation\r\nModifications\r\nModification Date Modifier Organization\r\n2018-07-31\r\n(Version 2.12)\r\nCAPEC Content Team The MITRE Corporation\r\nUpdated References, Typical_Severity\r\n2020-07-30\r\n(Version 3.3)\r\nCAPEC Content Team The MITRE Corporation\r\nUpdated Related_Attack_Patterns, Taxonomy_Mappings\r\n2022-09-29\r\n(Version 3.8)\r\nCAPEC Content Team The MITRE Corporation\r\nUpdated Description, Extended_Description, Taxonomy_Mappings\r\nMore information is available — Please select a different filter.\r\nSource: https://capec.mitre.org/data/definitions/571.html\r\nhttps://capec.mitre.org/data/definitions/571.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://capec.mitre.org/data/definitions/571.html"
	],
	"report_names": [
		"571.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775441445,
	"ts_updated_at": 1775791195,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/78957f1afd99e204f7a50775558536e72273f3a1.pdf",
		"text": "https://archive.orkl.eu/78957f1afd99e204f7a50775558536e72273f3a1.txt",
		"img": "https://archive.orkl.eu/78957f1afd99e204f7a50775558536e72273f3a1.jpg"
	}
}