Security Logging and Monitoring Failures
GPTKB entity
Statements (27)
Predicate | Object |
---|---|
gptkbp:instanceOf |
OWASP Top 10 Category
|
gptkbp:alsoKnownAs |
A09:2021 – Security Logging and Monitoring Failures
|
gptkbp:category |
A09
|
gptkbp:describes |
Failure to log security-relevant events
Failure to monitor logs for suspicious activity Failure to alert on suspicious or malicious activity |
gptkbp:example |
Lack of audit logs for critical transactions
Logs not protected from tampering Logs not retained for sufficient time No alerting on failed login attempts |
https://www.w3.org/2000/01/rdf-schema#label |
Security Logging and Monitoring Failures
|
gptkbp:mitigatedBy |
Regularly review and test logging and monitoring systems
Implement comprehensive logging of security events Monitor and alert on suspicious activities Protect and retain logs |
gptkbp:owaspTop10Year |
2021
|
gptkbp:partOf |
OWASP Top 10 (2021)
|
gptkbp:relatedTo |
Forensics
Compliance Incident Response |
gptkbp:replacedBy |
Insufficient Logging & Monitoring (OWASP Top 10 2017)
|
gptkbp:riskFactor |
Delayed or undetected security breaches
Failure to comply with regulatory requirements Inability to perform forensic analysis |
gptkbp:website |
https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
|
gptkbp:bfsParent |
gptkb:OWASP_Top_Ten
|
gptkbp:bfsLayer |
5
|