Logging and monitoring

Audit log retention period is not set to 365 days

Risk Level

Informational (4)

  • N/A


Log retention controls how long activity logs should be retained. Studies have shown that The Mean Time to Detect (MTTD) a cyber breach is anywhere from 30 days in some sectors to up to 206 days in others. It was detected that the audit retention period under tenancy {OciIdentityCompartment.Name} is not set to 365 days. Retaining logs for at least 365 days will provide the ability to respond to incidents.
  • Recommended Mitigation

    Audit log retention period cannot be changed.