6: Maintenance, Monitoring and Analysis of Audit Logs

Control Statement

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Subcontrols

6.3: Enable Detailed Logging

Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.

6.5: Central Log Management

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

6.8: Regularly Tune SIEM

On a regular basis, tune your SIEM system to better identify actionable events and decrease event noise.
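The three subcontrols above describe one pipeline: records must carry enough detail (6.3), they must land in one place (6.5), and the resulting stream must be tuned so analysts see actionable events rather than noise (6.8). The following is an added example, not code from CIS or csf.tools, that walks constructed sample log lines through all three stages. It assumes a simple `key=value` line format, an in-memory list standing in for the central log store, and a deliberately basic tuning rule that collapses bursts of identical events into one record with a count.

```python
"""Added example (not from the CIS Controls page): a small audit-log pipeline
illustrating subcontrols 6.3, 6.5 and 6.8 on constructed sample lines.

Assumptions: logs arrive as key=value lines (a constructed format, not a
vendor's); the "central store" is an in-memory list; noise tuning is a
suppression rule collapsing repeated identical events within a time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# 6.3: the detail elements the subcontrol expects every record to carry.
REQUIRED_FIELDS = ("source", "timestamp", "user", "src_addr", "dst_addr", "event")

# Constructed sample lines: a firewall emitting a burst of identical denies,
# an application with user-attributed events, and a legacy host whose
# logging is not detailed enough to satisfy 6.3.
SAMPLE_LINES = [
    "source=fw01 timestamp=2024-05-01T10:00:00 user=- src_addr=10.0.0.5 dst_addr=10.0.1.9 event=deny",
    "source=fw01 timestamp=2024-05-01T10:00:01 user=- src_addr=10.0.0.5 dst_addr=10.0.1.9 event=deny",
    "source=fw01 timestamp=2024-05-01T10:00:02 user=- src_addr=10.0.0.5 dst_addr=10.0.1.9 event=deny",
    "source=app01 timestamp=2024-05-01T10:00:03 user=alice src_addr=10.0.0.7 dst_addr=10.0.2.2 event=login_ok",
    "source=app01 timestamp=2024-05-01T10:05:00 user=bob src_addr=10.0.0.8 dst_addr=10.0.2.2 event=login_fail",
    "source=legacy timestamp=2024-05-01T10:06:00 event=restart",  # missing user and addresses
]


def parse_line(line):
    """Parse one key=value audit line into a dict."""
    record = {}
    for token in line.split():
        key, _, value = token.partition("=")
        record[key] = value
    return record


def missing_detail(record):
    """6.3 check: list the required detail fields absent from a record."""
    return [f for f in REQUIRED_FIELDS if f not in record]


def aggregate(lines):
    """6.5: pull every parsed record into one central store, and separately
    note which sources are not emitting the detail that 6.3 asks for, so
    the logging configuration on those hosts can be fixed."""
    store, gaps = [], defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        absent = missing_detail(rec)
        if absent:
            gaps[rec.get("source", "unknown")].append(absent)
        store.append(rec)
    return store, dict(gaps)


def tune_noise(store, window=timedelta(seconds=10)):
    """6.8: collapse repeated events with the same source, addresses and
    event type that fall within `window` of the first occurrence into a
    single record carrying a count. Records that fail the 6.3 check are
    kept as-is, since they lack the fields needed to group them safely."""
    collapsed, first_seen = [], {}
    for rec in store:
        if missing_detail(rec):
            collapsed.append(dict(rec, count=1))
            continue
        key = (rec["source"], rec["src_addr"], rec["dst_addr"], rec["event"])
        ts = datetime.fromisoformat(rec["timestamp"])
        if key in first_seen and ts - first_seen[key][0] <= window:
            first_seen[key][1]["count"] += 1
        else:
            entry = dict(rec, count=1)
            collapsed.append(entry)
            first_seen[key] = (ts, entry)
    return collapsed


def run_pipeline(lines=SAMPLE_LINES):
    """Run 6.5 aggregation then 6.8 tuning and summarise the outcome."""
    store, gaps = aggregate(lines)
    tuned = tune_noise(store)
    return {
        "ingested": len(store),
        "after_tuning": len(tuned),
        "sources_with_gaps": sorted(gaps),
    }


if __name__ == "__main__":
    print(run_pipeline())
```

On the constructed input the three firewall denies collapse into one record with `count=3`, the two application events stay separate because their event types differ, and the `legacy` host is reported as a source whose logging does not meet 6.3. In a real deployment the collapse rule would be one of many tuning adjustments revisited on a schedule, as 6.8 describes, rather than a fixed setting.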