1. Home
  2. Data Components
  3. Snapshot Deletion

Snapshot Deletion

The removal of a point-in-time backup of a cloud storage volume, virtual machine (VM), or database.

Data Collection Measures:

  • AWS CloudTrail
    • Logs DeleteSnapshot API calls in EC2, RDS, and EBS services.
  • Azure Monitor Logs
    • Tracks snapshot deletions via Microsoft.Compute/snapshots/delete API calls.
  • Google Cloud Logging
    • Detects snapshot removal through compute.disks.deleteSnapshot events.
ID: DC0049
Domains: Enterprise
Version: 2.0
Created: 20 October 2021
Last Modified: 21 October 2025

Log Sources

Name Channel
AWS:CloudTrail DeleteSnapshot
esxi:hostd snapshot.removeall or snapshot file deletion

Detection Strategy

ID Name Technique Detected
DET0329 Behavioral Detection for T1490 - Inhibit System Recovery T1490
DET0308 Detection Strategy for Modify Cloud Compute Infrastructure T1578