Alert on Unusual Enumeration Activity

CCC.Core.C07: Alert on Unusual Enumeration Activity

Control ID:CCC.Core.C07

Title:Alert on Unusual Enumeration Activity

Objective:Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities.

Control Family:

Logging & Monitoring

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
NIST-CSF	DE.AE-1	0	-
CCM	LOG-05	3	Audit Logs Monitoring and Response (take action on detected anomalies)
CCM	SEF-05	3	Incident Response Metrics (establish and monitor metrics)
NIST_800_53	AU-6	0	-

Assessment Requirements

ID	Description	Applicability
CCC.Core.C07.TR01	When enumeration activities are detected, the service MUST publish an event to a monitored channel which includes the client identity, time, and nature of the activity.	tlp-amber tlp-red
CCC.Core.C07.TR02	When enumeration activities are detected, the service MUST log the client identity, time, and nature of the activity.	tlp-clear tlp-green tlp-amber tlp-red