Security Logging and Monitoring Failures
GPTKB entity
Statements (27)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
OWASP Top 10 Category
|
| gptkbp:alsoKnownAs |
A09:2021 – Security Logging and Monitoring Failures
|
| gptkbp:category |
A09
|
| gptkbp:describes |
Failure to log security-relevant events
Failure to monitor logs for suspicious activity Failure to alert on suspicious or malicious activity |
| gptkbp:example |
Lack of audit logs for critical transactions
Logs not protected from tampering Logs not retained for sufficient time No alerting on failed login attempts |
| https://www.w3.org/2000/01/rdf-schema#label |
Security Logging and Monitoring Failures
|
| gptkbp:mitigatedBy |
Regularly review and test logging and monitoring systems
Implement comprehensive logging of security events Monitor and alert on suspicious activities Protect and retain logs |
| gptkbp:owaspTop10Year |
2021
|
| gptkbp:partOf |
OWASP Top 10 (2021)
|
| gptkbp:relatedTo |
Forensics
Compliance Incident Response |
| gptkbp:replacedBy |
Insufficient Logging & Monitoring (OWASP Top 10 2017)
|
| gptkbp:riskFactor |
Delayed or undetected security breaches
Failure to comply with regulatory requirements Inability to perform forensic analysis |
| gptkbp:website |
https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
|
| gptkbp:bfsParent |
gptkb:OWASP_Top_Ten
|
| gptkbp:bfsLayer |
5
|