Select > Reports > Portal > Repository > Standard Content > OWASP > A 10 - Insufficient Logging and Monitoring.
According to OWASP, insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows malicious users to further attack systems; maintain persistence; pivot to more systems; and tamper, extract, or destroy data. Most major incidents start with an exploitation of the vulnerabilities in logging and monitoring. Yet, most organizations fail to discover the breach until several months have passed.
To help you detect potential breaches as soon as possible, use the following reports and dashboards:
Lists all logins that have occurred on the specified host.
Provides charts and a table to help you identify the top attackers, targets, and events over time.
This dashboard also is available in the Network Monitoring category of the Foundation reports.
Lists all the Audit Clear events that have occurred in the organization.
Provides charts and a table showing failed logins by time, users, hosts, reporting devices, and attacker address.
Lists the failed login events that have occurred in your environment.
Provides charts and a table showing the outcome of login activity, including successful logins. You can view activity by machine or user, as well as a chart shwoing the relationship between users and systems to which they log in.
Provides charts and a table that report the operating systems errors and warnings in the organization.
Provides charts and a table to help you identify the hosts where the security log is full.