Release · v2026.06-rc3

FINOS-CCC/CCC.Monitor.TH Threat Catalog

Threats for Monitoring technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.monitor.th --tag v2026.06-rc3
Coordinate
oci.grc.store/finos-ccc/ccc.monitor.th:v2026.06-rc3
Manifest digest
sha256:97efcc0afed4334ccf259ccb227cdac050457680afbdebd52ed63a7186dc6fe1

Provenance

1 layer
Digest Media type Size
971ffb2ccce6… application/vnd.gemara.artifact.v1+yaml 7.5 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.Monitor.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.monitor.th",
            "tag": "v2026.06-rc3"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26768391088",
          "GITHUB_SHA": "24594e28430c12318cacffe7fdda6a3ea272d975",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/management/monitoring/threats.yaml",
            "uri": "file://artifacts/management/monitoring/threats.yaml",
            "digest": {
              "sha256": "971ffb2ccce6c9e89ccee16b1a3c7e6642688092572c3e7a77f4573729b97859"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@24594e28430c12318cacffe7fdda6a3ea272d975",
            "digest": {
              "gitCommit": "24594e28430c12318cacffe7fdda6a3ea272d975"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26768391088",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26768391088-2",
          "startedOn": "2026-06-01T16:45:08.146923089Z",
          "finishedOn": "2026-06-01T16:45:08.228597929Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "971ffb2ccce6c9e89ccee16b1a3c7e6642688092572c3e7a77f4573729b97859"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.Monitor.TH",
      "role": "artifact"
    }
  ]
}

CCC Monitoring Threats

Threats for Monitoring technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.Monitor.TH
Version
v2026.06-rc3
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Observability

The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.

  1. CCC.Monitor.TH01 Capture Personal Identifiable Information

    Unauthorised viewers may get access to PII if it is incorrectly collected by monitoring systems through metrics or tracing.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP01 Metric collection
      • CCC.Monitoring.CP02 Tracing
      • CCC.Monitoring.CP08 Application Performance Monitoring (APM)
      • CCC.Monitoring.CP09 Dashboard
      • CCC.Monitoring.CP11 Integration with Third-Party Tools
  2. CCC.Monitor.TH02 Health Checks Used to Identify Attack Targets

    Health Checks are used to inform those responsible for maintaining a system that there is a problem, but if that information gets into the hands of a malicious actor, it can be used to target systems that are already having problems and to mask malicious activity.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP04 Health Checks

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.Monitor.TH03 External Monitoring DoS

    If an external monitoring service is compromised, it can act as a host for instigating denial of service attacks on internal systems which otherwise may not be protected against this form of attack.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP06 Synthetic Monitoring
  2. CCC.Monitor.TH06 Cost Exhaustion Through Tampered Alerts or Metrics Collection

    Monitoring systems are expected to generate traffic, but if a malicious actor were to change alerts that fire at an API which charges per request, generate large volumes of metric data which would then need to be stored and processed, or even trigger resource scaling, this would cause an increase in the cloud bill.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP01 Metric collection
      • CCC.Monitoring.CP11 Integration with Third-Party Tools

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.Monitor.TH04 External Monitoring Access

    If an external monitoring system is compromised, it acts as a trusted external remote service and can then access internal services which would otherwise not be accessible directly.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP06 Synthetic Monitoring

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.Monitor.TH05 Data Exfiltration Through Tampered Metrics

    If a malicious actor is able to make changes to the metrics being collected, the metrics could be used to encrypt and/or compress sensitive data and bypass controls preventing exfiltration. The data can then be staged in the monitoring system and exfiltrated in bulk at a later point in time.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP01 Metric collection
      • CCC.Monitoring.CP11 Integration with Third-Party Tools

Compute

The Compute group covers entries related to processing, execution, and runtime infrastructure. This includes CPU, memory, storage allocation, network ports, command-line interfaces, and elastic scaling.

  1. CCC.Monitor.TH07 Trigger Malicious Code

    If a malicious actor is able to create new triggers, they would be able to use valid metric data to trigger malicious actions and re-compromise a newly replaced container or compute instance.

    Capabilities
    • CCC.Monitoring.Capabilities
      • CCC.Monitoring.CP01 Metric collection
      • CCC.Monitoring.CP10 Triggering
      • CCC.Monitoring.CP11 Integration with Third-Party Tools