💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities

• Contextual name: 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities
• ID: /frameworks/nist-csf-v2.0/de-ae/02
• Located in: 💼 Adverse Event Analysis (DE.AE)

Description

1. Use security information and event management (SIEM) or other tools to continuously monitor log events for known malicious and suspicious activity
2. Utilize up-to-date cyber threat intelligence in log analysis tools to improve detection accuracy and characterize threat actors, their methods, and indicators of compromise
3. Regularly conduct manual reviews of log events for technologies that cannot be sufficiently monitored through automation
4. Use log analysis tools to generate reports on their findings

Similar

• Sections
  • /frameworks/nist-csf-v1.1/de-ae/02
  • /frameworks/nist-sp-800-53-r5/au/06
  • /frameworks/nist-sp-800-53-r5/ca/07
  • /frameworks/nist-sp-800-53-r5/ir/04
  • /frameworks/nist-sp-800-53-r5/si/04

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods		19	22
💼 NIST SP 800-53 Revision 5 → 💼 AU-6 Audit Record Review, Analysis, and Reporting	10	1	7
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		8
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring	25	2	6

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (26)

Policy	Logic Count	Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢	1	🟠 x1, 🟢 x5
📝 AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢	1	🟠 x1, 🟢 x5
📝 Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢		🟢 x3
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢	1	🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢	1	🟢 x6