Alert on Unusual Enumeration Activity

CCC.Core.CN07: Alert on Unusual Enumeration Activity

Control ID:CCC.Core.CN07

Title:Alert on Unusual Enumeration Activity

Objective:Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities.

Control Family:

Logging & Monitoring

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
CCM	LOG-05	3	Audit Logs Monitoring and Response (take action on detected anomalies)
CCM	SEF-05	3	Incident Response Metrics (establish and monitor metrics)

Assessment Requirements

ID	Description	Applicability
CCC.Core.CN07.AR01	When enumeration activities are detected, the service MUST publish an event to a monitored channel which includes the client identity, time, and nature of the activity.	tlp-amber tlp-red
CCC.Core.CN07.AR02	When enumeration activities are detected, the service MUST log the client identity, time, and nature of the activity.	tlp-clear tlp-green tlp-amber tlp-red