Sensitive information such as passwords, environment variables, or personally identifiable information (PII) may be included in audit logs due to a number of reasons such as; end user human error, developers not sanitizing fields or maliciously by a threat actor attempting to exfil data. This can lead to unauthorized disclosure if logs are accessed by unintended parties or forwarded to external systems.
Management / Auditlog / Threats / DEV
Sensitive Data Logged
CCC.AUDITLOG.TH03
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.AuditLog.CP03 | Sink | Ability to continually stream audit log data to a hosted storage bucket or data lake solution. |
| CCC.AuditLog.CP08 | External Sink | Audit log events can be configured to be sent to a external SIEM or data analysis provider outside of the cloud platform. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | TA0006 | |
| OWASPTOP10 | A09:2021 | |
| OWASPTOP10 | A02:2021 | |
| CWE | CWE-532 | |
| CWE | CWE-200 |