This document provides security information to protect your applications against attacks that can result from insufficient system and application logging and monitoring.
Security Logging and Monitoring Failures - OWASP Documentation
-
If GeneXus Access Manager (GAM) is not used, a customized access control module and the corresponding logging actions must be developed. The following events should be logged:
-
If GAM is used, the first three items of the previous list are covered by default
-
In any case, high-impact Transactions need to be identified and logged as they are business-specific and GeneXus cannot perform these actions automatically.
-
Must establish a monitoring process and effective alerts to act in an acceptable time window. Also, a response plan like NIST 800-61 rev. 2 or later.
Since
GeneXus 18 upgrade 1.