CCC.AuditLog.F08: External Sink
Capability ID: CCC.AuditLog.F08
Title: External Sink
Description: Audit log events can be configured to be sent to an external SIEM or data analysis provider outside of the cloud platform.
Mapped Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.AUDITLOG.TH03 | Sensitive Data Logged | Sensitive information such as passwords, environment variables, or personally identifiable information (PII) may be included in audit logs for a number of reasons, such as end-user error, developers not sanitizing fields, or a threat actor maliciously attempting to exfiltrate data. This can lead to unauthorized disclosure if logs are accessed by unintended parties or forwarded to external systems. | 3 | 1 | 0 |
CCC.AUDITLOG.TH04 | Insufficient encoding of audit logs | User-supplied data such as scripts, control characters, escape sequences, or code fragments may be written to audit logs without proper encoding or sanitization. This can result in malformed or unexpected log entries that could disrupt or compromise systems that process or display these logs, including log viewers or downstream services. | 2 | 1 | 0 |