CCC.C07: Alert on Unusual Enumeration Activity
Objective:Ensure that logs and associated alerts are generated when
unusual enumeration activity is detected that may indicate
reconnaissance activities.
Control Family:
Logging & Monitoring
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes or bots may be used to perform reconnaissance by enumerating resources such as APIs, file systems, or directories. These activities can reveal potential vulnerabilities, misconfigurations, or unsecured resources, which might result in unauthorized access or data exposure. |
NIST CSF:
DE.AE-1
Control Mappings
CCM:
LOG-05
ISO_27001:
NIST_800_53:
AU-6
Test Requirements
CCC.C07.TR01:When suspicious enumeration activities are detected, the
service MUST generate real-time alerts to notify security
personnel.
TLP:
tlp_red
CCC.C07.TR02:When suspicious enumeration activities are detected, the
service MUST log the event, including the source details,
time, and nature of the activity.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red