Avoid excessive logging
Summary
The system must not record unnecessary information when logging exceptional events.
Description
While event logging is generally a good security practice, the organization must consider that high logging levels are only appropriate for development environments: too much log information in production can make it harder for a system administrator to detect abnormal conditions. As a result, the attacker and the attack may remain hidden while trying to penetrate the system, the audit trail available for forensic analysis may be reduced, or the debugging of issues in production environments may be hindered.
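As an added example (not part of the original page), one way to apply this with Python's standard `logging` module: verbosity is chosen by environment and, going a step beyond the text, bursts of identical events in production are collapsed into a count so they cannot bury other records. The names `build_logger` and `RepeatSuppressor`, the environment labels and the burst/window values are assumptions made for illustration.

```python
import logging
import time


class RepeatSuppressor(logging.Filter):
    """Pass the first `burst` copies of an event per window; drop the rest
    and report how many were dropped on the first event of the next window."""

    def __init__(self, burst=3, window=60.0, clock=time.monotonic):
        super().__init__()
        self.burst, self.window, self.clock = burst, window, clock
        # Keyed on the message template (not the formatted text), so the table
        # stays bounded as long as callers log with %-style arguments.
        self._seen = {}  # (logger, level, template) -> (window start, count)

    def filter(self, record):
        key = (record.name, record.levelno, record.msg)
        now = self.clock()
        start, count = self._seen.get(key, (now, 0))
        if now - start >= self.window:
            if count > self.burst:
                dropped = count - self.burst
                record.msg = f"{record.msg} [{dropped} identical events suppressed]"
            start, count = now, 0
        self._seen[key] = (start, count + 1)
        return count < self.burst


def build_logger(environment, handler=None, suppressor=None):
    """Return a logger whose verbosity matches the deployment environment.

    Only the literal label "development" gets DEBUG output; any other value
    (including a typo or an unset variable) falls back to the quiet profile.
    """
    development = environment == "development"
    logger = logging.getLogger(f"app.{environment}")
    logger.handlers.clear()
    logger.propagate = False  # avoid a second, unfiltered copy via the root logger
    logger.setLevel(logging.DEBUG if development else logging.WARNING)
    handler = handler or logging.StreamHandler()
    if not development:
        handler.addFilter(suppressor or RepeatSuppressor())
    logger.addHandler(handler)
    return logger


if __name__ == "__main__":
    log = build_logger("production")
    log.debug("cache miss for %s", "k1")        # below WARNING: not written
    for _ in range(10):                          # constructed burst of one failure
        log.error("db timeout for %s", "orders")  # only the first 3 are written
```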
Supported In
This requirement is verified in the following services:
Plan | Supported |
---|---|
Machine | 🔴 |
Squad | 🟢 |
References
- CWE™-779. Logging of excessive data
- NYDFS-500_6. Audit trail
- MITRE ATT&CK®-M1047. Audit
- CMMC-AU_L2-3_3_3. Event review
- HITRUST CSF-09_h. Capacity management
- HITRUST CSF-09_ab. Monitoring system use
- FedRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
- ISO/IEC 27002-8_25. Secure development lifecycle
- LGPD-18_IV. Data Subjects Rights
- ISA/IEC 62443-UC-2_9. Audit storage capacity
- OSSTMM3-11_9_3. Data networks security - Limitations mapping
- NIST 800-171-3_6. Provide audit record reduction
- NIST 800-115-3_2. Log review
- OWASP ASVS-7_1_4. Log content
- SIG Core-U_1_4. Server security
- OWASP API Security Top 10-API10. Insufficient Logging & Monitoring
- ISO/IEC 27001-8_25. Secure development lifecycle