Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities.
Core / Ccc / Controls / DEV
Alert on Unusual Enumeration Activity
CCC.Core.CN07 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes may be used to gather details about service and child resource elements such as APIs, file systems, or directories. This information can reveal vulnerabilities, misconfigurations, and the network topology, which can be used to plan an attack against the system, the service, or its child resources. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN07.AR01 | When enumeration activities are detected, the service MUST publish an event to a monitored channel which includes the client identity, time, and nature of the activity. | tlp-amber, tlp-red |
| CCC.Core.CN07.AR02 | When enumeration activities are detected, the service MUST log the client identity, time, and nature of the activity. | tlp-clear, tlp-green, tlp-amber, tlp-red |