CWE-778

Insufficient Logging

AI Translation Available

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

Status

draft

Abstraction

base

Likelihood

medium

Affected Platforms

Cloud Computing Not Technology-Specific

Extended Description

AI Translation

When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds.

As organizations adopt cloud storage resources, these technologies often require configuration changes to enable detailed logging information, since detailed logging can incur additional costs. This could lead to telemetry gaps in critical audit logs. For example, in Azure, the default value for logging is disabled.

Technical Details

AI Translation

Common Consequences

non-repudiation

Impacts

hide activities

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design implementation operation

Descriptions:

• Use a centralized logging mechanism that supports multiple levels of detail.

• Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.

• To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriate -ServiceType, -LoggingOperations, and -RetentionDays arguments.

• Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.

AI Generated Translation

Common Consequences

non-ripudio

Impacts

nascondere attività

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design implementazione operazione

Descriptions:

• Utilizzare un meccanismo di logging centralizzato che supporti più livelli di dettaglio.

• Assicurarsi che tutti i successi e fallimenti legati alla sicurezza possano essere registrati. Quando si memorizzano dati nel cloud (ad esempio, AWS S3 buckets, Azure blobs, Google Cloud Storage, ecc.), utilizzare i controlli del provider per abilitare e catturare informazioni di logging dettagliate.

• Per abilitare la registrazione dello storage utilizzando il Portale di Azure, navigare al nome dell'Account di Storage, individuare la sezione Monitoring (CLASSIC) e selezionare Diagnostic settings (classic). Per ciascuna delle varie proprietà (blob, file, table, queue), assicurarsi che lo stato sia correttamente impostato per i dati di registrazione desiderati. Se si utilizza PowerShell, il comando Set-AzStorageServiceLoggingProperty può essere chiamato utilizzando gli argomenti appropriati -ServiceType, -LoggingOperations e -RetentionDays.

• Assicurarsi di impostare correttamente il livello di logging in un ambiente di produzione. I dati sufficienti devono essere registrati per consentire agli amministratori di sistema di rilevare attacchi, diagnosticare errori e recuperare dagli attacchi. Allo stesso tempo, registrare troppi dati (CWE-779) può causare gli stessi problemi, inclusi costi imprevisti quando si utilizza un ambiente cloud.

CWE-778

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter