CCC.C07: Alert on Unusual Enumeration Activity
Objective:Ensure that logs and associated alerts are generated when
unusual enumeration activity is detected that may indicate
reconnaissance activities.
Control Family:
Logging & Monitoring
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Attackers may deploy automated processes or bots to perform reconnaissance activities by enumerating resources such as APIs, file systems, or directories. These activities can help attackers identify vulnerabilities, misconfigurations, or unsecured resources, which can then be exploited for unauthorized access or data theft. |
NIST CSF:
DE.AE-1
Control Mappings
CCM:
ISO_27001:
NIST_800_53:
AU-6
Test Requirements
CCC.C07.TR01:When suspicious enumeration activities are detected, the
service MUST generate real-time alerts to notify security
personnel.
TLP:
tlp_red
CCC.C07.TR02:When suspicious enumeration activities are detected, the
service MUST log the event, including the source details,
time, and nature of the activity.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red