The application or cloud environment does not sufficiently log security-critical events. Important actions such as authentication failures, access attempts, storage operations, or other audit-relevant activities may be missing from the logs or recorded without enough detail to support investigation. This reduces visibility into malicious or suspicious behaviour and can prevent administrators from detecting attacks, identifying affected resources, or performing reliable forensic analysis after an incident.

In cloud environments, storage and audit logging may require explicit configuration. If detailed logging is disabled or incomplete, security teams may be unable to detect unauthorised access, brute-force attempts, data access patterns, or post-compromise activity in a timely manner.

Remediation:

Enable detailed logging for all security-relevant events, including authentication successes and failures, access control decisions, administrative actions, and cloud storage operations. Logs should include enough context to support investigation, such as timestamps, user or service account identity, source IP, affected resource, action performed, and result. Where possible, centralise logs in a secure logging platform and configure appropriate retention, alerting, and monitoring rules.