Logging requirements are established and maintained for network and host monitoring infrastructure (for example, web gateways, endpoint detection and response software, intrusion detection and prevention systems)
Context and Guidance: Define logging requirements for all network and host monitoring infrastructure. These requirements may be different from other IT and OT assets as they may provide additional information that could be useful when building a complete understanding of activity within the organisation’s networks. For example, event logs from a web gateway that show connections to websites that were blocked because they violated the company’s policy.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-1a, SITUATION-1b, SITUATION-1c, SITUATION-1d, SITUATION-1f.