Understand what Security Logging and and Monitoring Failures are
Understand how to protect against Security Logging and Monitoring Failures
Security Logging and Monitoring Failures
When suspicious activity does occur on a system, it is important that this information is logged and that these logs are appropriately monitored. In the extreme case where a breach does occur, it's important that the system is able to detect this and notify its administrators.
Examples of logging and monitoring failures include:
failing to log important events such as failed-logins, money-transfers etc.
failing to properly log when errors have occured on the system
failing to detect or log suspicious activity or security breaches
failing to monitor logs for suspicious activity
Preventing Security Logging and Monitoring Failures
Ensure all failures of login, access control, and server-side input validation are logged.
Ensure suspicious activity is logged with enough user-context to identify malicious accounts.
Store high-value transactions with integrity controls to prevent tampering, such as append-only database tables.