Sensitive log data, including PII, financial transaction details, or system vulnerabilities, is exfiltrated directly from the logging service's query or API interfaces by authorized but malicious insiders or compromised accounts exploiting legitimate access.
Management / Logging / Threats / DEV
Unauthorized Data Transfer Out of a Trusted Boundary
CCC.Logging.TH02
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |
| CCC.Core.CP22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.Logging.CN06 | Detect and Alert on Potential Log Exfiltration | Identify and alert on anomalous data access patterns that may indicate an attempt to exfiltrate log data. |