True or False: You should always audit log on successes.

Auditing logs on successes may not always be necessary or practical. While monitoring successes can provide valuable information in certain contexts, such as understanding normal user behavior or confirming successful transactions, it can also lead to an overwhelming amount of data that is difficult to analyze and may obscure more critical incidents.

By focusing on failures, organizations can often pinpoint security issues or attempts to compromise systems more effectively. This allows security teams to prioritize their resources towards identifying and responding to suspicious activities rather than sifting through extensive logs of successful actions, which may not indicate security threats.

Additionally, the decision to audit log successes depends greatly on the specific needs and resources of an organization. Smaller organizations may not have the capacity to handle the volume of success logs, while larger enterprises may have more sophisticated systems in place that warrant tracking successes due to numerous access points and user actions.

Hence, the assertion that one should always audit logs on successes is not universally applicable, making the answer valid in reflecting a more nuanced approach to logging strategies in network security.