DE: Detect

Description

The goal of the Detect function is to develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Framework Categories

DE.AE: Anomalies and Events

Anomalous activity is detected and the potential impact of events is understood.

DE.CM: Security Continuous Monitoring

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

DE.DP: Detection Processes

Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.