💼 DE.AE-03: Information is correlated from multiple sources

  • Contextual name: 💼 DE.AE-03: Information is correlated from multiple sources
  • ID: /frameworks/nist-csf-v2.0/de-ae/03
  • Located in: 💼 Adverse Event Analysis (DE.AE)

Description

  1. Constantly transfer log data generated by other sources to a relatively small number of log servers
  2. Use event correlation technology (e.g., SIEM) to collect information captured by multiple sources
  3. Utilize cyber threat intelligence to help correlate events among log sources

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/de-ae/03
    • /frameworks/nist-sp-800-53-r5/au/06
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/pm/16
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/05
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/si/04

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors 1837
💼 NIST SP 800-53 Revision 5 → 💼 AU-6 Audit Record Review, Analysis, and Reporting 10111
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring 610
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling 15
💼 NIST SP 800-53 Revision 5 → 💼 IR-5 Incident Monitoring 1
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan 1
💼 NIST SP 800-53 Revision 5 → 💼 PM-16 Threat Awareness Program 1
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring 2518

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (46)

Policy | Logic Count | Flags
AWS Account Multi-Region CloudTrail is not enabled 🟢 | 1 | 🟢 x6
AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢 | 1 | 🟠 x1, 🟢 x5
AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢 | 1 | 🟢 x6
AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢 | 1 | 🟢 x6
AWS CloudFront Distribution Logging is not enabled 🟢 | 1 | 🟢 x6
AWS CloudTrail Log File Validation is not enabled 🟢 | 1 | 🟢 x6
AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢 | 1 | 🟢 x6
AWS DMS Migration Task Logging is not enabled 🟢 | 1 | 🟢 x6
AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢 | 1 | 🟢 x6
AWS KMS Symmetric CMK Rotation is not enabled 🟢 | 1 | 🟢 x6
AWS S3 Bucket Server Access Logging is not enabled 🟢 | 1 | 🟢 x6
AWS VPC Flow Logs are not enabled 🟢 | 1 | 🟠 x1, 🟢 x5
Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢 | | 🟢 x3
Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢 | 1 | 🟢 x6
Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟢 | 1 | 🟢 x6
Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟢 | 1 | 🟢 x6
Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟢 | 1 | 🟢 x6
Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟢 | 1 | 🟢 x6
Azure SQL Server Auditing is not enabled 🟢 | 1 | 🟢 x6
Azure SQL Server Auditing Retention is less than 90 days 🟢 | 1 | 🟢 x6
Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢 | 1 | 🟢 x6
Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢 | 1 | 🟢 x6
Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢 | 1 | 🟢 x6
Google Cloud Audit Logging is not configured properly 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning 🟢 | 1 | 🟢 x6
Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately 🟢 | 1 | 🟢 x6
Google GCE Network DNS Policy Logging is not enabled 🟢 | 1 | 🟢 x6
Google GCE Subnetwork Flow Logs are not enabled 🟢 | 1 | 🟢 x6
Google HTTP(S) Load Balancer Logging is not enabled 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟢 | 1 | 🟢 x6
Google Logging Log Sink for All Log Entries is not configured 🟢 | 1 | 🟢 x6