CCC.AUDITLOG.TH03: Sensitive Data Logged
Threat ID:CCC.AUDITLOG.TH03
Title:Sensitive Data Logged
Description:
Sensitive information such as passwords, environment variables, or personally identifiable information (PII) may be included in audit logs due to a number of reasons such as; end user human error, developers not sanitizing fields or maliciously by a threat actor attempting to exfil data. This can lead to unauthorized disclosure if logs are accessed by unintended parties or forwarded to external systems.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.AuditLog.F03 | Sink | Ability to continually stream audit log data to a hosted storage bucket or data lake solution. |
| CCC.AuditLog.F08 | External Sink | Audit log events can be configured to be sent to a external SIEM or data analysis provider outside of the cloud platform. |
| CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | TA0006 | 0 | - |
OWASPTOP10 | A09:2021 | 0 | - |
OWASPTOP10 | A02:2021 | 0 | - |
CWE | CWE-532 | 0 | - |
CWE | CWE-200 | 0 | - |