incident-response-trainer
Mock scenarios · Rule-based grading
Cloud Infrastructure · medium · Cloud Audit-Logging Gap · High asset
Scenario

Cloud audit logging disabled in a region — detection blind spot

A medium Cloud Infrastructure scenario on Cloud Audit-Logging Gap.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 2 templates in this Track + Difficulty pool.

catalog id · cloud-audit-logging-gap

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Restore a cloud audit-logging blind spot
  • Alert on logging changes and corroborate the gap window
MITRE ATT&CK · mitre-attack
  • Impair Defenses: Disable or Modify Cloud Logs · Defense Evasion · T1562.008 · TA0005
    Partial · Medium confidence

    Trains the defender side: remediating a logging gap that reduces detection coverage in a region.

MITRE D3FEND · mitre-d3fend
  • Network Traffic Analysis · D3-NTA
    Mapped · Medium confidence

    Trains using remaining flow telemetry to corroborate activity during the gap.

  • User Behavior Analysis · D3-UBA
    Partial · Low confidence

    Trains looking for unusual activity in the signals that still survive the gap.

NIST CSF 2.0 · nist-csf-2
  • Continuous Monitoring · Detect · DE.CM · DE
    Mapped · High confidence

    Trains restoring the continuous-monitoring capability the gap removed.

  • Adverse Event Analysis · Detect · DE.AE · DE
    Mapped · Medium confidence

    Trains reasoning about what events went unrecorded during the gap.

NIST SP 800-61r3 · nist-sp-800-61r3
  • IR lifecycle phase · Detection & Analysis
    Mapped · High confidence

    Trains scoping the lost window and corroborating from remaining telemetry.

  • IR lifecycle phase · Preparation
    Mapped · High confidence

    Trains hardening so logging changes are alerted on and centrally retained.

CISA Cybersecurity Performance Goals · cisa-cpg
  • Log Collection · 2.T
    Mapped · High confidence

    Trains the log-collection baseline the gap broke and the response restores.

  • Detecting Relevant Threats and TTPs · 3.A
    Mapped · Medium confidence

    Trains the detection baseline that depends on complete logging.

CIS Controls v8 · cis-controls
  • Audit Log Management · Control 8
    Mapped · High confidence

    Trains the audit-log-management control the incident centers on.

  • Network Monitoring and Defense · Control 13
    Mapped · Medium confidence

    Trains the monitoring control that compensates while the trail is restored.