Skip to main content

💼 DE.AE-03: Information is correlated from multiple sources

  • ID: /frameworks/nist-csf-v2.0/de-ae/03

Description

  1. Constantly transfer log data generated by other sources to a relatively small number of log servers
  2. Use event correlation technology (e.g., SIEM) to collect information captured by multiple sources
  3. Utilize cyber threat intelligence to help correlate events among log sources

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/de-ae/03
    • /frameworks/nist-sp-800-53-r5/au/06
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/pm/16
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/05
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/si/04

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors1838no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6 Audit Record Review, Analysis, and Reporting10113no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring613no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling151no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-5 Incident Monitoring1no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan1no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-16 Threat Awareness Program1no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring25110no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (50)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢1🟢 x6no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢1🟢 x6no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢1🟢 x6no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢1🟢 x6no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢1🟢 x6no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢1🟢 x6no data
🛡️ AWS GuardDuty is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢1🟢 x6no data
🛡️ AWS VPC Flow Logs are not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing is not enabled🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢1🟢 x6no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢1🟢 x6no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢1🟢 x6no data
🛡️ Google Cloud Audit Logging is not configured properly🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately🟢1🟢 x6no data
🛡️ Google GCE Firewall Rule logging is disabled🟢1🟢 x6no data
🛡️ Google GCE Network DNS Policy Logging is not enabled🟢1🟢 x6no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢1🟢 x6no data
🛡️ Google HTTP(S) Load Balancer Logging is not enabled🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Sink for All Log Entries is not configured🟢1🟢 x6no data