Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Network | Detect | 2, 3 |
- None
- Timestamp for two consecutive log reviews
- Log reviews are conducted at regular and consistent intervals
- Compare each timestamp to determine timeframe between log reviews in days (M1)
- M1 = Timeframe between log reviews
If M1 is greater than seven, this safeguard is measured at a 0 and receives a failing score.
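The measurement above can be scripted. The following is an added example, not part of the original specification: it goes beyond the two-timestamp case by evaluating every consecutive pair in a review history, normalizing time zones first. The function names, the sample timestamps, the choice to count fractional days and the treatment of naive timestamps as UTC are assumptions.

```python
from datetime import datetime, timezone

MAX_DAYS = 7  # threshold from the metric: M1 greater than seven fails

# Constructed sample review history, deliberately out of order and in mixed offsets.
SAMPLE_REVIEWS = [
    "2024-03-20T09:00:00+00:00",
    "2024-03-04T09:00:00+00:00",
    "2024-03-25T04:00:00-05:00",
    "2024-03-11T10:00:00+01:00",
]


def parse_review_time(stamp):
    """Parse an ISO 8601 timestamp and normalize it to UTC."""
    dt = datetime.fromisoformat(stamp)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    return dt.astimezone(timezone.utc)


def measure_m1(earlier, later):
    """M1: timeframe between two consecutive log reviews, in days.

    Fractional days are kept (assumption), so 7 days and 1 hour exceeds seven.
    """
    delta = parse_review_time(later) - parse_review_time(earlier)
    if delta.total_seconds() < 0:
        raise ValueError("review timestamps are out of order")
    return delta.total_seconds() / 86400


def score_reviews(stamps):
    """Return (earlier, later, m1_days, failing) for each consecutive pair."""
    ordered = sorted(stamps, key=parse_review_time)
    if len(ordered) < 2:
        raise ValueError("at least two review timestamps are required")
    results = []
    for earlier, later in zip(ordered, ordered[1:]):
        m1 = measure_m1(earlier, later)
        results.append((earlier, later, round(m1, 2), m1 > MAX_DAYS))
    return results


if __name__ == "__main__":
    for earlier, later, m1, failing in score_reviews(SAMPLE_REVIEWS):
        print(f"{earlier} -> {later}: M1={m1} days, {'FAIL (0)' if failing else 'ok'}")
```

Comparing local clock times without normalizing offsets would misreport the second review as 7 days and 1 hour after the first; in UTC the gap is exactly seven days, which is not greater than seven.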