Security Logging and Monitoring Failures

Select Reports > Portal > Repository > Standard Content > OWASP > A 9 - Security Logging and Monitoring Failures.

According to OWASP, insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows malicious users to further attack systems, maintain persistence, pivot to more systems, and tamper with, extract, or destroy data. Most major incidents start with an exploitation of the vulnerabilities in logging and monitoring. Yet most organizations fail to discover the breach until several months have passed.

To help you detect potential breaches as soon as possible, use the following reports and dashboards:

Dashboards

Attacks and Suspicious Activity Overview
Failed Logins Overview
Login Activity Overview
Security Log is Full

Reports

All Logins by Hostname
Audit Log Cleared
Failed Logins Summary
Operating System Errors and Warnings

All Logins by Hostname
Lists all logins that have occurred on the specified host.
Attacks and Suspicious Activity Overview
Provides charts and a table to help you identify the top attackers, targets, and events over time.
Audit Log Cleared
Lists all the Audit Clear events that have occurred in the organization.
Failed Logins Overview
Provides charts and a table showing failed logins by time, users, hosts, reporting devices, and attacker address.
Failed Logins Summary
Lists the failed login events that have occurred in your environment.
Login Activity Overview
Provides charts and a table showing the outcome of login activity, including successful logins. You can view activity by machine or user, as well as a chart showing the relationship between users and systems to which they log in.
Operating System Errors and Warnings
Provides charts and a table that report the operating system errors and warnings in the organization.
Security Log is Full
Provides charts and a table to help you identify the hosts where the security log is full.