A10:2017-Insufficient Logging & Monitoring
Definition
<aside>
📗 When you’re not catching brute force, scans, or bad things in general
</aside>
- Auditable events, such as logins, failed logins, and high-value transactions are not logged.
- Warnings and errors generate no, inadequate, or unclear log messages.
- Logs of applications and APIs are not monitored for suspicious activity.
- Logs are only stored locally.
- Appropriate alerting thresholds and response escalation processes are not in place or effective.
- Penetration testing and scans by DAST tools (such as OWASP ZAP) do not trigger alerts.
- The application is unable to detect, escalate, or alert for active attacks in real time or near real time.
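As an added example (not part of the OWASP text), a small Python detector that turns logged failed-login events into an alert once a threshold is crossed, covering the "failed logins not logged", "no alerting threshold" and "brute force not caught" points above. The log line format, the 5-failures-per-60-seconds threshold and the sample lines are all constructed assumptions.

```python
# Added example, not OWASP code. Assumed (constructed) log format:
#   "<ISO timestamp> LOGIN_OK|LOGIN_FAILED user=<name> src=<ip>"
# Alert when one source IP produces >= threshold failures inside a sliding window.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_OK|LOGIN_FAILED) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample audit log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2024-01-01T10:00:00 LOGIN_FAILED user=alice src=203.0.113.7
2024-01-01T10:00:05 LOGIN_FAILED user=bob src=203.0.113.7
2024-01-01T10:00:09 LOGIN_FAILED user=carol src=203.0.113.7
2024-01-01T10:00:12 LOGIN_OK user=dave src=198.51.100.2
2024-01-01T10:00:15 LOGIN_FAILED user=dave src=203.0.113.7
2024-01-01T10:00:20 LOGIN_FAILED user=erin src=203.0.113.7
2024-01-01T10:00:30 LOGIN_FAILED user=alice src=198.51.100.2
2024-01-01T10:05:00 LOGIN_FAILED user=alice src=198.51.100.2
""".splitlines()

def parse_line(line):
    """Return a dict for a well-formed line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    return d

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return [(src, iso_timestamp, failure_count)], one alert per source."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()                 # avoid re-alerting on every further failure
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["event"] != "LOGIN_FAILED":
            continue                # unparseable or successful logins are not counted
        q = failures[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()             # drop failures that fell out of the window
        if len(q) >= threshold and ev["src"] not in alerted:
            alerts.append((ev["src"], ev["ts"].isoformat(), len(q)))
            alerted.add(ev["src"])
    return alerts

if __name__ == "__main__":
    for src, ts, n in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {ts} {n} failed logins from {src} within 60s")
```

Without the failed-login events in the log, nothing here could fire; without the threshold and the alert path, the events would sit unread, which is exactly the gap the list describes.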