Management / Logging

Threats

| ID | Title | Description |
| --- | --- | --- |
| CCC.Logging.TH01 | Log Ingestion Performance Degradation | The logging service's ingestion pipeline experiences performance degradation due to overwhelming log volumes, network bottlenecks, or inefficient processing, leading to delayed availability of log data for analysis and to potential log loss if buffers overflow. |
| CCC.Logging.TH02 | Unauthorized Data Transfer Out of a Trusted Boundary | Sensitive log data, including PII, financial transaction details, or details of system vulnerabilities, is exfiltrated directly from the logging service's query or API interfaces by authorized but malicious insiders or by compromised accounts exploiting legitimate access. |
| CCC.Logging.TH03 | Log Schema or Format Drift | Changes in the log formats, schemas, or underlying data structures of source applications or cloud services lead to parsing failures or incomplete log ingestion, or render existing queries and dashboards ineffective, hindering comprehensive analysis. |
| CCC.Logging.TH04 | Inadequate Log Anonymization/Masking | Sensitive data (e.g., PII, secrets, authentication tokens) is ingested into logs without proper anonymization, masking, or redaction at the source or during ingestion. This creates a significant data exposure risk, particularly for data not intended for broad log access. |
| CCC.Logging.TH05 | Log Retention Policy Evasion or Misconfiguration | Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or to the loss of critical forensic evidence. |
| CCC.Logging.TH06 | Log Injection | User-supplied data such as scripts, control characters, escape sequences, or code fragments may be written to logs without proper encoding or sanitization. This can result in malformed or unexpected log entries that disrupt or compromise the systems that process or display those logs, including log viewers and downstream services. |
| CCC.Logging.TH07 | Insufficient Logging | If security-critical actions are not logged, it becomes more difficult to detect threats and to conduct post-incident analysis. |