This category has been expanded to include more types of failures; it is difficult to test for, and it is not well represented in CVE/CVSS data. Its direct impacts are on visibility, incident reporting, and forensics.
Security logging and monitoring failures form a broad category of weaknesses covering the missing, misconfigured, or inadequately used security tools that are meant to identify anomalies and intrusions within an environment.
Defensive tooling often includes Security Information and Event Management (SIEM) systems, which collect and display activity across the environment and report suspected anomalous or malicious behaviour. However, a SIEM is completely ineffective if it is not properly tuned.
| OWASP Top 10 Application Security Risks - 2021 | Reference |
| --- | --- |
| A09:2021 – Security Logging and Monitoring Failures | OWASP |
The genesis of most successful attacks begins with reconnaissance and vulnerability identification. If these go unnoticed during this initial assessment phase due to insufficient logging and monitoring, the opportunity to block the attack in its early stages is lost, thus increasing the likelihood of a successful attack.
Francesco Ongaro
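The two points made above, that a reconnaissance phase is only catchable if it is logged and looked at, and that a monitoring rule is useless if its thresholds are mistuned, can be shown on a small detector. The following is an added example written for this page; it is not OWASP's code nor anything from the quoted author. It parses constructed web access log lines in Common Log Format, flags any client whose burst of 404 responses against many distinct paths looks like directory probing, and reports lines the parser could not read instead of silently dropping them (a silent drop is itself a logging failure). The path list, IP addresses and thresholds are all assumptions chosen for the illustration.

```python
"""Recon-burst detection over access logs, with a tuning comparison.
Added example for this page; log lines below are constructed, not real traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Common Log Format. 198.51.100.23 probes a series of
# well-known paths in a few seconds; 203.0.113.7 is an ordinary visitor with
# one stray 404. The last line is deliberately truncated (as after a bad log
# rotation) so that the parser's error reporting is exercised.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:13:55:09 +0000] "GET /about HTTP/1.1" 200 2210
198.51.100.23 - - [10/Mar/2024:13:56:00 +0000] "GET /.env HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:01 +0000] "GET /.git/config HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:02 +0000] "GET /admin/ HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:02 +0000] "GET /backup.zip HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:03 +0000] "GET /phpinfo.php HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:03 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.7 - - [10/Mar/2024:13:57:30 +0000] "GET /missing-page HTTP/1.1" 404 312
198.51.100.23 - - [10/Mar/2024:13:56:0
"""

# Common Log Format: ip ident user [timestamp] "method path protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return a dict for a well-formed CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"),
            "status": int(m.group("status"))}


def unparsed_lines(log_text):
    """Lines the parser rejected. A monitoring pipeline must surface these:
    discarding them quietly is exactly the kind of blind spot A09 describes."""
    return [ln for ln in log_text.splitlines() if ln.strip() and parse_line(ln) is None]


def find_recon_sources(log_text, window=timedelta(seconds=60),
                       min_404=5, min_distinct_paths=5):
    """Flag client IPs that produce at least `min_404` 404 responses against at
    least `min_distinct_paths` different paths inside any sliding `window`.
    Returns {ip: {"count_404": n, "distinct_paths": [...]}} for the first window
    that crosses the thresholds."""
    per_ip = defaultdict(list)
    for ln in log_text.splitlines():
        e = parse_line(ln)
        if e and e["status"] == 404:
            per_ip[e["ip"]].append((e["ts"], e["path"]))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            paths = {p for _, p in win}
            if len(win) >= min_404 and len(paths) >= min_distinct_paths:
                flagged[ip] = {"count_404": len(win), "distinct_paths": sorted(paths)}
                break
    return flagged


if __name__ == "__main__":
    print("unparsed:", unparsed_lines(SAMPLE_LOG))
    print("tuned   (min_404=5): ", find_recon_sources(SAMPLE_LOG))
    # An over-generous threshold, set to "reduce noise", misses the probe entirely.
    print("mistuned(min_404=50):", find_recon_sources(SAMPLE_LOG, min_404=50))
```

With the default thresholds the probing client is flagged on its fifth distinct 404 inside the window, while the visitor with a single 404 is not. Raising `min_404` to 50 makes the same data produce no alert at all, which is the practical meaning of "ineffective if not properly tuned": the log lines existed, the rule ran, and the reconnaissance still went unnoticed.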