Logging and monitoring

Audit log retention period is not set to 365 days

Platform(s)

  • Oracle Cloud Infrastructure

Compliance Frameworks

CCPA, CPRA, hdh, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, OCI CIS, PDPA, pipeda

Description

Log retention controls how long activity logs should be retained. Studies have shown that The Mean Time to Detect (MTTD) a cyber breach is anywhere from 30 days in some sectors to up to 206 days in others. It was detected that the audit retention period under tenancy {OciIdentityCompartment.Name} is not set to 365 days. Retaining logs for at least 365 days will provide the ability to respond to incidents.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo