Django

Missing security-relevant logging prevents incident detection

warning
security
Updated Mar 2, 2026 (via Exa)
Technologies:
How to detect:

Failed login attempts, password reset spikes, admin access from unusual locations, and other security events are not logged or monitored, preventing detection of attacks in progress.

Recommended action:

Implement logging for failed logins, password reset requests, admin access, and permission denials. Monitor the logs for patterns: spikes in failed auth, unusual geolocations, repeated 403s. Set up alerts for anomalies. At a minimum, the logs should be able to answer these questions: how many failed logins occurred today, whether password resets spiked, and whether there was unusual admin access.
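The monitoring half of this recommendation, as an added example that is not part of the original rule or of Django: it reads security log lines and answers the minimum questions for one day. The `key=value` line format, the event names, `ADMIN_NETS` and the thresholds are all assumptions (for instance, what a receiver on Django's `user_login_failed` signal could write), and an allowlist of source networks stands in for geolocation.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines in an assumed key=value format (not a Django default).
SAMPLE_LOG = """\
2026-03-02T09:00:01 event=login_failed user=alice ip=203.0.113.7
2026-03-02T09:00:03 event=login_failed user=bob ip=203.0.113.7
2026-03-02T09:00:05 event=login_failed user=carol ip=203.0.113.7
2026-03-02T09:01:10 event=password_reset user=alice ip=198.51.100.4
2026-03-02T09:02:00 event=permission_denied user=dave ip=198.51.100.9 path=/admin/
2026-03-02T09:02:02 event=permission_denied user=dave ip=198.51.100.9 path=/admin/auth/user/
2026-03-02T09:05:00 event=admin_access user=root ip=192.0.2.50
2026-03-02T09:06:00 event=admin_access user=root ip=10.0.0.5
2026-03-01T23:59:59 event=login_failed user=alice ip=203.0.113.7
garbage line that must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")
ADMIN_NETS = [ip_network("10.0.0.0/8")]  # assumed "usual" admin source networks

def parse(line):
    """Return a dict with ts, event, ip and other fields, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        return {**fields, "ts": datetime.fromisoformat(m.group(1)),
                "ip": ip_address(fields["ip"]), "event": fields["event"]}
    except (KeyError, ValueError):  # missing field, bad timestamp or bad IP
        return None

def daily_report(text, day, fail_limit=3, denied_limit=2, reset_limit=5):
    """Answer the minimum questions for one ISO date (YYYY-MM-DD) and list alerts."""
    events = [e for e in map(parse, text.splitlines())
              if e and e["ts"].date().isoformat() == day]
    fails = Counter(e["ip"] for e in events if e["event"] == "login_failed")
    denied = Counter(e["ip"] for e in events if e["event"] == "permission_denied")
    resets = sum(e["event"] == "password_reset" for e in events)
    odd_admin = [e for e in events if e["event"] == "admin_access"
                 and not any(e["ip"] in net for net in ADMIN_NETS)]
    alerts = [f"failed-login spike from {ip} ({n})" for ip, n in fails.items() if n >= fail_limit]
    alerts += [f"repeated 403s from {ip} ({n})" for ip, n in denied.items() if n >= denied_limit]
    alerts += [f"admin access by {e.get('user', '?')} from unusual ip {e['ip']}" for e in odd_admin]
    if resets >= reset_limit:
        alerts.append(f"password reset spike ({resets})")
    return {"failed_logins": sum(fails.values()), "password_resets": resets, "alerts": alerts}
```

When writing such lines from the application, strip whitespace and newlines from user-supplied values such as the username, so a submitted value cannot forge extra fields or log lines.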