CCC.Core.TH10 - State-change Events are Read by Unauthorized Entities

CCC.Core.TH10: State-change Events are Read by Unauthorized Entities

Threat ID:CCC.Core.TH10

Title:State-change Events are Read by Unauthorized Entities

Description:

Unauthorized access to state-change events can reveal information about the system's design and usage patterns. This opens the system up to attacks of opportunity and support the planning of attacks on the service, system, or network.

Related Capabilities

ID	Title	Description
CCC.Core.F03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.F17	Alerting	The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1057	Process Discovery
MITRE-ATT&CK	T1049	System Network Connections Discovery
MITRE-ATT&CK	T1083	File and Directory Discovery