CCC.Core.TH07 - Logs are Tampered With or Deleted

CCC.Core.TH07: Logs are Tampered With or Deleted

Threat ID:CCC.Core.TH07

Title:Logs are Tampered With or Deleted

Description:

Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.

Related Capabilities

ID	Title	Description
CCC.Core.F03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.F10	Log Publication	The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1070	Indicator Removal on Host
MITRE-ATT&CK	T1565	Data Manipulation (for altering log entries)
MITRE-ATT&CK	T1027	Obfuscated Files or Information