WithSecure Repository: Threat Intelligence

Insufficient Logging, Alerting or Monitoring

This misconfiguration entry covers a specific aspect of the MITRE ATT&CK matrix and describes the security gap created by insufficient logging, alerting or monitoring.


Logging, monitoring and alerting are crucial components of cybersecurity. Logging records detailed information about system activity, which is what makes events understandable and analysable after the fact. Monitoring is the continuous observation of systems, processes and networks to detect suspicious activity or outlier behaviour in real time. Alerting ensures that, when a potential security threat is identified, the relevant personnel are notified immediately. Together, these practices enable organisations to identify and respond to security incidents quickly, minimise damage and maintain compliance with regulatory requirements.


Most attacks begin with enumeration of the resources available to the attacker, and many of these enumeration attempts can be detected through logging. Without sufficient detection, a malicious actor can make increasingly bold enumeration attempts, improving their chances of gaining a foothold in the environment. With proper alerting in place, the relevant parties are quickly made aware of malicious enumeration attempts. Finally, monitoring helps analyse the impact of any attack steps that have already succeeded.


Mitigations: Ensure that proper logging, monitoring and alerting are implemented wherever possible. When using a platform or cloud service provider, take advantage of the native security tooling, services and features that support logging, monitoring and alerting.
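As an added illustration of the point made above about enumeration being detectable in logs, the following Python sketch (example code written for this entry, not WithSecure tooling) runs a simple detection over constructed audit-log lines: a single principal issuing many distinct discovery-style API calls within a short window, most of them denied, is flagged for alerting. The log format, the action-name prefixes and the thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines (not from any real system):
# "<timestamp> <principal> <action> <outcome>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z alice ListBuckets Success
2024-05-01T10:00:03Z alice ListUsers AccessDenied
2024-05-01T10:00:04Z alice ListRoles AccessDenied
2024-05-01T10:00:05Z alice DescribeInstances AccessDenied
2024-05-01T10:00:06Z alice ListSecrets AccessDenied
2024-05-01T10:00:07Z alice ListKeys AccessDenied
2024-05-01T10:15:00Z bob GetObject Success
2024-05-01T10:15:30Z bob ListBuckets Success
"""

# Assumed naming convention for read-only discovery calls in this log format.
ENUM_PREFIXES = ("List", "Describe", "Get")


def parse(line):
    ts, principal, action, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), principal, action, outcome


def detect_enumeration(log_text, window=timedelta(minutes=1), threshold=5):
    """Return one alert per principal whose number of *distinct* discovery
    actions inside a sliding time window reaches the threshold. Breadth across
    many APIs (rather than repeated calls to one API) is what enumeration looks
    like, and the AccessDenied count shows how much of it was probing."""
    events = sorted((parse(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e[0])
    per_principal = defaultdict(list)
    for ts, principal, action, outcome in events:
        if action.startswith(ENUM_PREFIXES):
            per_principal[principal].append((ts, action, outcome))
    alerts = []
    for principal, evs in per_principal.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            in_window = evs[start:end + 1]
            distinct = {a for _, a, _ in in_window}
            if len(distinct) >= threshold:
                denied = sum(1 for _, _, o in in_window if o == "AccessDenied")
                alerts.append({"principal": principal, "distinct_actions": len(distinct),
                               "access_denied": denied, "window_end": evs[end][0].isoformat()})
                break  # first crossing of the threshold is enough to raise an alert
    return alerts
```

In a real deployment the alert dictionary would be forwarded to the SIEM or paging channel rather than returned; the thresholds should be tuned against the environment's normal discovery traffic.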



ID: WITH-SM-2
Domain: withsecure-security-misconfiguration
Version: 1.0