T.Audit.1
|
Medium
|
Likely
|
An entity creates a large number of auditable events in order to cause the AMI audit logs to run out of resource space.
|
T.Audit.2
|
Medium
|
Likely
|
An AMI entity with proper access to the audit logs fails to clear enough space for the logs, causing the AMI audit logs to run out of resource space.
|
T.Audit.3
|
Medium
|
Likely
|
An entity causes the AMI auditing function to fail, allowing an entity to perform non-recorded auditable actions.
|
T.Audit.4
|
High
|
Likely
|
An entity reads AMI audit logs when it does not have authorization to read any audit logs.
|
T.Audit.5
|
Medium
|
Likely
|
An entity reads AMI audit logs with a security attribute it does not possess.
|
T.Audit.6
|
High
|
Likely
|
An entity modifies AMI audit logs to hide other actions.
|
T.Audit.7
|
High
|
Likely
|
An entity deletes AMI audit logs it does not have authorization to delete.
|
T.Audit.8
|
Low
|
Likely
|
An AMI entity with proper access misinterprets audit data, and thus cannot detect inappropriate actions of other principals.
|
T.Audit.9
|
Low
|
Likely
|
An AMI entity with proper access cannot find the desired audit data within the AMI audit logs, and thus cannot detect inappropriate actions of other principals.
|
T.Audit.10
|
Medium
|
Unlikely
|
An AMI entity with proper access is not provided enough information by the AMI audit logs to detect inappropriate actions of other principals.
|
T.Audit.11
|
Medium
|
Unlikely
|
An AMI entity with proper access is not provided enough information by the AMI audit logs to identify principals who take inappropriate actions.
|
|