CCC.Logging.CN06: Detect and Alert on Potential Log Exfiltration
Control ID:CCC.Logging.CN06
Title:Detect and Alert on Potential Log Exfiltration
Objective:Identify and alert on anomalous data access patterns that may indicate an attempt
to exfiltrate log data.
Control Family:
Logging and Monitoring
Related Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Logging.TH02 | Unauthorized Data Transfer Out of a Trusted Boundary | Sensitive log data, including PII, financial transaction details, or system vulnerabilities, is exfiltrated directly from the logging service's query or API interfaces by authorized but malicious insiders or compromised accounts exploiting legitimate access. | 1 | 2 | 0 |
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |