DE.AE-02: Potentially adverse events are analyzed to better understand associated activities


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Use security information and event management (SIEM) or other tools to continuously monitor log events for known malicious and suspicious activity

Ex2: Utilize up-to-date cyber threat intelligence in log analysis tools to improve detection accuracy and characterize threat actors, their methods, and indicators of compromise

Ex3: Regularly conduct manual reviews of log events for technologies that cannot be sufficiently monitored through automation

Ex4: Use log analysis tools to generate reports on their findings
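The four implementation examples above describe one analysis loop: automated rules over a log stream (Ex1), enrichment with threat-intelligence indicators (Ex2), a queue of records that automation could not handle and that need a human (Ex3), and a report of the findings (Ex4). The following script is an added illustration of that loop and is not part of NIST's text. Everything in it is constructed: the log format, the sample log lines, and the indicator list (using documentation address ranges and a reserved example domain, with a placeholder actor label) are hypothetical, and the rule names, thresholds and function names are the author's own choices, not a NIST specification.

```python
"""Added example: a minimal log-analysis pass in the style of DE.AE-02.

Hypothetical log format, hypothetical indicators, hypothetical rule names.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Ex2: constructed threat intelligence. Values are documentation/reserved
# addresses and a placeholder actor name, not real indicators of compromise.
THREAT_INTEL = {
    "ips": {"203.0.113.77": "ACTOR-PLACEHOLDER-1"},
    "domains": {"bad.example": "ACTOR-PLACEHOLDER-1"},
}

# Constructed sample logs in the form "<timestamp> <src_ip> <event> <detail>".
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 198.51.100.5 LOGIN_FAIL user=alice",
    "2024-05-01T10:00:03 198.51.100.5 LOGIN_FAIL user=alice",
    "2024-05-01T10:00:05 198.51.100.5 LOGIN_FAIL user=alice",
    "2024-05-01T10:00:07 198.51.100.5 LOGIN_FAIL user=alice",
    "2024-05-01T10:00:09 198.51.100.5 LOGIN_FAIL user=alice",
    "2024-05-01T10:00:20 198.51.100.5 LOGIN_OK user=alice",
    "2024-05-01T10:05:00 203.0.113.77 LOGIN_OK user=bob",
    "2024-05-01T10:06:00 192.0.2.10 DNS_QUERY name=bad.example",
    "2024-05-01T10:07:00 192.0.2.10 DNS_QUERY name=updates.example.org",
    "garbage line that does not parse",
]

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\w+)(?: (.*))?$")


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    rule: str       # which rule fired
    src_ip: str
    detail: str


def parse_line(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, event, detail = m.groups()
    return {"ts": datetime.fromisoformat(ts), "ip": ip,
            "event": event, "detail": detail or ""}


def analyze(lines, intel, fail_threshold=5, window=timedelta(minutes=1)):
    """Run indicator matching (Ex2) and a behavioural rule (Ex1) over lines.

    Returns (findings, unparsed_lines); unparsed lines are the manual-review
    queue of Ex3 because no automated rule could evaluate them.
    """
    findings, unparsed = [], []
    recent_fails = defaultdict(list)          # src_ip -> timestamps of failures
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        ip, ts, event = rec["ip"], rec["ts"], rec["event"]

        # Ex2: enrich with threat intelligence (source IP and queried domain).
        if ip in intel["ips"]:
            findings.append(Finding("high", "ioc-ip", ip,
                            f"{event} from IP attributed to {intel['ips'][ip]}"))
        if event == "DNS_QUERY":
            name = rec["detail"].partition("=")[2]
            if name in intel["domains"]:
                findings.append(Finding("high", "ioc-domain", ip,
                                f"query for {name} attributed to {intel['domains'][name]}"))

        # Ex1: behavioural rule for suspicious activity, not just known IoCs.
        if event == "LOGIN_FAIL":
            recent_fails[ip] = [t for t in recent_fails[ip] if ts - t <= window] + [ts]
            if len(recent_fails[ip]) == fail_threshold:   # fire once at threshold
                findings.append(Finding("medium", "auth-bruteforce", ip,
                                f"{fail_threshold} failures within {window}"))
        elif event == "LOGIN_OK":
            in_window = [t for t in recent_fails[ip] if ts - t <= window]
            if len(in_window) >= fail_threshold:
                findings.append(Finding("high", "bruteforce-then-success", ip,
                                "successful login after repeated failures"))
    return findings, unparsed


def summarize(findings):
    """Counts by severity and by rule, used for the Ex4 report."""
    return {"by_severity": Counter(f.severity for f in findings),
            "by_rule": Counter(f.rule for f in findings)}


def render_report(findings, unparsed):
    """Ex4: a plain-text report of what the analysis found."""
    s = summarize(findings)
    out = [f"Findings: {len(findings)} "
           f"(high={s['by_severity']['high']}, medium={s['by_severity']['medium']})"]
    out += [f"  [{f.severity}] {f.rule} src={f.src_ip}: {f.detail}" for f in findings]
    out.append(f"Lines needing manual review (Ex3): {len(unparsed)}")
    return "\n".join(out)


if __name__ == "__main__":
    found, leftover = analyze(SAMPLE_LOGS, THREAT_INTEL)
    print(render_report(found, leftover))
```

The brute-force rule fires once when the threshold is reached and escalates separately when a success follows the failures, so the report does not repeat the same alert five times; the unparsed line is counted rather than silently dropped, which is the practical hook for Ex3.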

1st: 1st Party Risk