Objectives of Anomalies and Events
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
- DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
- DE.AE-2: Detected events are analyzed to understand attack targets and methods
- DE.AE-3: Event data are aggregated and correlated from multiple sources and sensors
- DE.AE-4: Impact of events is determined
- DE.AE-5: Incident alert thresholds are established