💼 RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident

• Contextual name: 💼 RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident
• ID: /frameworks/nist-csf-v2.0/rs-an/03
• Located in: 💼 Incident Analysis (RS.AN)

Description

1. Determine the sequence of events that occurred during the incident and which assets and resources were involved in each event
2. Attempt to determine what vulnerabilities, threats, and threat actors were directly or indirectly involved in the incident
3. Analyze the incident to find the underlying, systemic root causes
4. Check any cyber deception technology for additional information on attacker behavior

Similar

• Sections
  • /frameworks/nist-csf-v1.1/rs-an/03
  • /frameworks/nist-sp-800-53-r5/au/07
  • /frameworks/nist-sp-800-53-r5/ir/04

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 RS.AN-3: Forensics are performed			1
💼 NIST SP 800-53 Revision 5 → 💼 AU-7 Audit Record Reduction and Report Generation	2	1	18
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (17)

Policy	Logic Count	Flags
📝 Google Cloud Audit Logging is not configured properly 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning 🟢	1	🟢 x6
📝 Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately 🟢	1	🟢 x6
📝 Google GCE Network DNS Policy Logging is not enabled 🟢	1	🟢 x6
📝 Google HTTP(S) Load Balancer Logging is not enabled 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Sink for All Log Entries is not configured 🟢	1	🟢 x6