| ID | Title | Description | Threat Mappings |
|---|---|---|---|
| CCC.AuditLog.CP01 | Default Retention Period | Cloud providers support a default minimum retention of audit log data. | 0 |
| CCC.AuditLog.CP02 | Export | Support for manual "one off" exporting or downloading of raw log events. | 0 |
| CCC.AuditLog.CP03 | Sink | Ability to continually stream audit log data to a hosted storage bucket or data lake solution. | 2 |
| CCC.AuditLog.CP04 | Event Types | Audit events are generated with different data types to provide specific fields for the system which generated the event, such as Management Event, Data Event and Policy Event. | 0 |
| CCC.AuditLog.CP05 | Time Search | Ability to search for audit events across a specific time range. | 0 |
| CCC.AuditLog.CP06 | Filtering | Ability to filter audit events based on specific attribute. | 0 |
| CCC.AuditLog.CP07 | Immutable Log Entries | Audit Log events are immutable and cannot be altered or deleted once generated. | 0 |
| CCC.AuditLog.CP08 | External Sink | Audit log events can be configured to be sent to a external SIEM or data analysis provider outside of the cloud platform. | 2 |
Management / Auditlog
CCC Audit Logging Capabilities
Version: DEV