DE.AE-02: Potentially adverse events are analyzed to better understand associated activities
Ex1: Use security information and event management (SIEM) or other tools to continuously monitor log events for known malicious and suspicious activity
Ex2: Utilize up-to-date cyber threat intelligence in log analysis tools to improve detection accuracy and characterize threat actors, their methods, and indicators of compromise
Ex3: Regularly conduct manual reviews of log events for technologies that cannot be sufficiently monitored through automation
Ex4: Use log analysis tools to generate reports on their findings
Tier
Description
Potentially adverse events are analyzed to better understand associated activities