CCC.Core.TH10 - State-change Events are Read by Unauthorized Entities

CCC.Core.TH10: State-change Events are Read by Unauthorized Entities

Threat ID:CCC.Core.TH10

Title:State-change Events are Read by Unauthorized Entities

Description:

Unauthorized access to state-change events can reveal information about the system's design and usage patterns. This opens the system up to attacks of opportunity and support the planning of attacks on the service, system, or network.

Related Capabilities

ID	Title	Description
CCC.Core.F03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.F07	Event Publication	The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources.
CCC.Core.F09	Metrics Publication	The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1057	Process Discovery
MITRE-ATT&CK	T1049	System Network Connections Discovery
MITRE-ATT&CK	T1083	File and Directory Discovery