Security Logging and Monitoring Failures

GPTKB entity

Statements (27)
Predicate Object
gptkbp:instanceOf OWASP Top 10 Category
gptkbp:alsoKnownAs A09:2021 – Security Logging and Monitoring Failures
gptkbp:category A09
gptkbp:describes Failure to log security-relevant events
    Failure to monitor logs for suspicious activity
    Failure to alert on suspicious or malicious activity
gptkbp:example Lack of audit logs for critical transactions
    Logs not protected from tampering
    Logs not retained for sufficient time
    No alerting on failed login attempts
https://www.w3.org/2000/01/rdf-schema#label Security Logging and Monitoring Failures
gptkbp:mitigatedBy Regularly review and test logging and monitoring systems
    Implement comprehensive logging of security events
    Monitor and alert on suspicious activities
    Protect and retain logs
gptkbp:owaspTop10Year 2021
gptkbp:partOf OWASP Top 10 (2021)
gptkbp:relatedTo Forensics
    Compliance
    Incident Response
gptkbp:replacedBy Insufficient Logging & Monitoring (OWASP Top 10 2017)
gptkbp:riskFactor Delayed or undetected security breaches
    Failure to comply with regulatory requirements
    Inability to perform forensic analysis
gptkbp:website https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
gptkbp:bfsParent gptkb:OWASP_Top_Ten
gptkbp:bfsLayer 5