CCC.AUDITLOG.TH01: Insufficient Audit Logs
Threat ID:CCC.AUDITLOG.TH01
Title:Insufficient Audit Logs
Description:
If security critical audit events are not logged then it increases the difficulty to detect threats and perform post incident analysis.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
OWASPTOP10 | A09:2021 | 0 | - |
CWE | CWE-778 | 0 | - |
CWE | CWE-223 | 0 | - |