Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies.
Failure response capabilities should be in place. Also, consider infrastructure layers (e.g., network, container orchestration, hypervisor, endpoint, control plane, and data plane). Monitor failures and alerts should they occur.
- Examine policy for the monitoring of audit logs.
- Determine if policy and patterns have been established for anomalous activities.
- Examine policy for the review of, and timely action on, anomalies.
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.