Logging and monitoring

Audit log retention period is not set to 365 days

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

Log retention controls how long activity logs should be retained. Studies have shown that The Mean Time to Detect (MTTD) a cyber breach is anywhere from 30 days in some sectors to up to 206 days in others. It was detected that the audit retention period under tenancy {OciIdentityCompartment.Name} is not set to 365 days. Retaining logs for at least 365 days will provide the ability to respond to incidents.

  • Recommended Mitigation

    Audit log retention period cannot be changed.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.