Prevent Malicious Actor or misconfiguration from flooding services with metric data.
Management / Monitoring / Controls / DEV
Rate Limiting on Metric Generation
CCC.Monitor.CN02 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Monitoring.CP01 | CCC.Monitoring.CP01 | |
| CCC.Monitoring.CP11 | CCC.Monitoring.CP11 |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Monitor.TH06 | Cost Exhaustion Through Tampered Alerts or Metrics Collection | Monitoring systems are expected to generate traffic, but it a malicious actor were to change alerts that were being fired at an API which charged per requests or generate large volumes of metric data which would then need to be stored and processed, or even triggering resource scaling, this would cause an increase in cloud bill. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Monitor.CN02.AR01 | When an Custom or User-Defined Metric starts to flood a collector, then a rate limit MUST be applied to reduce the network impact of traffic and an alert must triggered. | tlp-clear, tlp-green, tlp-amber, tlp-red |