API10:2019 — Insufficient logging and monitoring
Lack of proper logging, monitoring, and alerting allows attacks and attackers to go unnoticed.
Use case
- Logs are not protected for integrity.
- Logs are not integrated into Security Information and Event Management (SIEM) systems.
- Logs and alerts are poorly designed.
- Companies rely on manual rather than automated systems.
How to prevent
- Log failed attempts, denied access, input validation failures, or any failures in security policy checks.
- Ensure that logs are formatted so that other tools can consume them as well.
- Protect logs like highly sensitive information.
- Include enough detail to identify attackers.
- Avoid having sensitive data in logs — if you need the information for debugging purposes, redact it partially.
- Integrate with SIEMs and other dashboards, monitoring, and alerting tools.
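The prevention points above, worked through as an added example (not 42Crunch's code): a small Python module that records failed authentication, denied access, and input-validation failures as one JSON object per line (so a SIEM or log shipper can consume them), keeps the source IP, user agent, path and request ID needed to identify an attacker, partially redacts sensitive parameters, and replaces a client's API key with a keyed fingerprint so its events can still be correlated. The field names, the event-type vocabulary, the pseudonymisation key and the burst threshold are all assumptions chosen for the example; a real deployment would take them from its own request context and alerting policy.

```python
"""Structured security-event logging for an API, with partial redaction.

Added example (not 42Crunch's code). Field names, event types, the
pseudonymisation key and the alert threshold are assumptions for the demo.
"""
import hashlib
import hmac
import json
import logging
from collections import Counter
from datetime import datetime, timezone

logger = logging.getLogger("api.security")

# Assumption: server-side secret used only to fingerprint identifiers such as
# API keys, so one client's failures can be correlated without logging the key.
PSEUDONYM_KEY = b"constructed-example-key"

# Parameter names whose values are masked before they reach the log.
SENSITIVE_FIELDS = {"password", "authorization", "api_key", "token", "credit_card"}

# Event vocabulary mirroring the "what to log" list: failed logins, denied
# access, input-validation failures and other security-policy check failures.
EVENT_TYPES = {"auth_failure", "access_denied", "validation_failure", "policy_failure"}


def redact(value, keep=4):
    """Mask all but the last `keep` characters, e.g. 'hunter22' -> '****er22'."""
    value = str(value)
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def pseudonymise(value):
    """Stable HMAC fingerprint: same key -> same id, but the key itself is never logged."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def scrub(params):
    """Copy of request parameters with sensitive values partially redacted."""
    return {k: (redact(v) if k.lower() in SENSITIVE_FIELDS else v) for k, v in params.items()}


def security_event(event_type, outcome, request, detail, params=None):
    """Build one structured event; `request` is a dict of request metadata (constructed here)."""
    if event_type not in EVENT_TYPES:
        raise ValueError(f"unknown event type: {event_type}")
    event = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
        "event": event_type,
        "outcome": outcome,
        # Attacker-identifying detail: where the request came from and which call it was.
        "source_ip": request.get("source_ip"),
        "user_agent": request.get("user_agent"),
        "method": request.get("method"),
        "path": request.get("path"),
        "request_id": request.get("request_id"),
        "detail": detail,
        "params": scrub(params or {}),
    }
    api_key = request.get("api_key")
    if api_key:
        event["api_key_id"] = pseudonymise(api_key)
    return event


def emit(event):
    """Serialise as a single JSON line (machine-readable for SIEM ingestion) and log it."""
    line = json.dumps(event, separators=(",", ":"), sort_keys=True)
    logger.warning(line)
    return line


def alert_on_burst(events, threshold=5):
    """Source IPs with at least `threshold` auth/access failures: a minimal automated alert."""
    counts = Counter(e["source_ip"] for e in events if e["event"] in ("auth_failure", "access_denied"))
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING, format="%(message)s")
    # Constructed sample request metadata; no real client or key.
    req = {"source_ip": "203.0.113.7", "user_agent": "curl/8.0", "method": "POST",
           "path": "/v1/login", "request_id": "req-0001", "api_key": "sk_constructed_example"}
    events = [security_event("auth_failure", "rejected", req, "invalid credentials",
                             {"username": "alice", "password": "hunter22"}) for _ in range(5)]
    for ev in events:
        emit(ev)
    print("alert for:", alert_on_burst(events))
```

Each emitted line is self-describing JSON, so the same record can be shipped to a SIEM, a dashboard, or an alerting rule without a custom parser; the HMAC fingerprint lets an analyst see that five failures came from one API key while honouring the rule that logs must not carry the secret itself.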
Copyright 42Crunch 2021