Attacks are live in the logs. Detect them, configure alerting, and sanitize outputs before they reach end users.