Skip to main content

πŸ’Ό DE.AE-03: Information is correlated from multiple sources

  • Contextual name: πŸ’Ό DE.AE-03: Information is correlated from multiple sources
  • ID: /frameworks/nist-csf-v2.0/de-ae/03
  • Located in: πŸ’Ό Adverse Event Analysis (DE.AE)

Description​

  1. Constantly transfer log data generated by other sources to a relatively small number of log servers
  2. Use event correlation technology (e.g., SIEM) to collect information captured by multiple sources
  3. Utilize cyber threat intelligence to help correlate events among log sources

Similar​

  • Sections
    • /frameworks/nist-csf-v1.1/de-ae/03
    • /frameworks/nist-sp-800-53-r5/au/06
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/pm/16
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/05
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/si/04

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.AE-3: Event data are collected and correlated from multiple sources and sensors1922
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting1017
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-7 Continuous Monitoring68
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-4 Incident Handling15
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-5 Incident Monitoring1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-8 Incident Response Plan1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-16 Threat Awareness Program1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-4 System Monitoring2526

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (26)​

PolicyLogic CountFlags
πŸ“ AWS Account Multi-Region CloudTrail is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway API Access Logging in CloudWatch is not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail Log File Validation is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟒1🟒 x6
πŸ“ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟒1🟒 x6
πŸ“ AWS KMS Symmetric CMK Rotation is not enabled 🟒1🟒 x6
πŸ“ AWS S3 Bucket Server Access Logging is not enabled 🟒1🟒 x6
πŸ“ AWS VPC Flow Logs are not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ Azure Diagnostic Setting for Azure Key Vault is not enabled 🟒🟒 x3
πŸ“ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure SQL Server Auditing is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Server Auditing Retention is less than 90 days 🟒1🟒 x6
πŸ“ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟒1🟒 x6