August 31, 2016

Anomalies and Events (DE.AE)

Objectives of Anomalies and Events

Anomalous activity is detected in a timely manner and the potential impact of events is understood.

  • DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
  • DE.AE-2: Detected events are analyzed to understand attack targets and methods
  • DE.AE-3: Event data are aggregated and correlated from multiple sources and sensors
  • DE.AE-4: Impact of events is determined
  • DE.AE-5: Incident alert thresholds are established