CCC.Core.TH07 - Logs are Tampered With or Deleted

CCC.Core.TH07: Logs are Tampered With or Deleted

Threat ID:CCC.Core.TH07

Title:Logs are Tampered With or Deleted

Description:

Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.

Related Capabilities

ID	Title	Description
CCC.Core.F10	Log Publication	The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1070	Indicator Removal on Host
MITRE-ATT&CK	T1565	Data Manipulation (for altering log entries)
MITRE-ATT&CK	T1027	Obfuscated Files or Information

Controls

ID	Title	Objective	Control Family	Threat Mappings	Guideline Mappings	Assessment Requirements
CCC.Core.C09	Ensure Integrity of Access Logs	Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for.	Data	3	5	3