Questions tagged [logging]
Specific to logging of alerts, activities and actions. This also covers user's history managed by software such as browsers.
384 questions
1 vote, 0 answers, 36 views
Log REST API calls in the most auditable way
I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
The data, which I need to download regularly from a third-party ...
7 votes, 1 answer, 326 views
Odd repetitive 16-character 404 web requests, with json "RefreshTTL" payload
A few weeks ago we had a single user's browser start hitting the server with a peculiar request (IP redacted for their privacy):
1.1.1.1 - - [21/May/2024:07:42:31 +0000] "POST /3kFtdvOkagEQbIxH ...
11 votes, 3 answers, 3k views
What security risks do you see with wrong OTPs appearing in application logs?
An application is logging wrong OTPs (but not correct OTPs). I asked the application developers to not log wrong OTPs because I do not see any benefits. However, they do not want to modify the ...
0 votes, 0 answers, 79 views
Can already opened event logs of PowerShell's event properties screens on Windows be hacked by hackers in milliseconds?
I am wondering about some issues with event log safety of PowerShell. I think it is possible to alter PowerShell itself. But theoretically the event log should show us every attempt made in PowerShell ...
0 votes, 0 answers, 76 views
Configured KQL not working properly - CiscoISE event 60095 and 60098
I have a default KQL below which is used to detect when Cisco ISE failed backup, it fires an alert in Sentinel.
But it is not working as expected - it does fire an alert, but returning a timestamp ...
0 votes, 3 answers, 306 views
Is it a security issue to include postcode and/or last name in a GET request query string?
I'm currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data).
I've ...
0 votes, 0 answers, 112 views
How to write separate log files for separate services in dionaea honeypot
I am trying to set up a honeypot service on the network and I installed dionaea honeypot. I figured out that each service is being controlled by yaml files present in /opt/dionaea/etc/dionaea/services-...
0 votes, 0 answers, 120 views
Unexpected drop in UFW noise, should I be worried?
I run a bare-metal on-premises GitLab server (Ubuntu 22.04) for a very small company. While the server isn't currently in production use, it is active and accessible over the public internet.
I have ...
1 vote, 1 answer, 121 views
Logging secrets in the user agent (browser)
There are sound reasons not to put any secrets, PII or other sensitive information into the logs on the server side (see OWASP ASVS V7).
But should the same rule apply on the client side? Is there a ...
3 votes, 2 answers, 219 views
Are there any Security Benefits (auditing) to keeping old emails/text that give 2FA account codes?
Are there any Security Benefits/Risk in keeping old "Here is your 2FA login code" in email and text?
I always wonder if seeing one that is unread could cue me in to something bad happening ...
0 votes, 0 answers, 72 views
Can my employer see my private google account history when just logging in and out in a matter of 10 seconds on a work laptop (REPOSTED) [duplicate]
So I did this post before on a guest account but I had further questions so now I'm posing it on a real one.
Can my employer see my private google history/"google activity" if I didn't do anything on ...
0 votes, 2 answers, 9k views
Can my employer see my private google account history when just logging in and out in a matter of 10 seconds on a work laptop
Can my employer see my private google history/"google activity" if I didn't do anything on my work pc?
For some context I logged in to my private google account on my work computer just to send a pdf ...
1 vote, 1 answer, 129 views
Guardrails Around Logs For Devs
Are there good ways to put guardrails on not logging sensitive information? For example, passwords
If there isn't a guardrails approach, is there a way to help make the easy thing the right thing like ...
0 votes, 0 answers, 777 views
A Continuous Flood of Kernel Warnings. Am I under attack?
I have a Linksys WRT1200AC with DD-WRT v3.0-r48865 std. It's connected to the Internet through the ISP's modem in bridge mode.
My syslog reports continuously, many times per second stuff like this:
...
0 votes, 0 answers, 66 views
Sending logs with bug reports: how to defend against easy exploits like malicious file enlargement?
When a crash occurs or when a user reports a bug, I'd like to send my application's logs to a cloud service (Firebase).
But I've just realised that there are tons of kindergarten level exploits. For ...