The goal of the Detect function is to develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
Anomalous activity is detected and the potential impact of events is understood.
The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.
Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.