If a malicious actor is able to create new triggers, they can use valid metric data to trigger malicious actions and re-compromise a newly replaced container or compute instance.
Trigger Malicious Code
CCC.Monitor.TH07
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Monitoring.CP01 | CCC.Monitoring.CP01 | |
| CCC.Monitoring.CP10 | CCC.Monitoring.CP10 | |
| CCC.Monitoring.CP11 | CCC.Monitoring.CP11 | |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1546 | Event Triggered Execution |