Ensure log format includes critical fields

Description

A security log should include authentication and authorization events, service configuration changes, object reads and writes, all user and group permission changes, elevation of role to admin, consistent time-stamping for each event, source users, IP addresses, and/or hostnames for all logged actions.

Stack layer

Security domain

Security tool initiated by this item

Operations

Monitoring

Manual input


Did this page help you?