Threat actors may enumerate system and service logs to find useful data. These logs may highlight various types of valuable insights for Threat actors, such as user authentication records (Account Discovery), security or vulnerable software (Software Discovery), or hosts within a compromised network (Remote System Discovery).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.