Periodic reviews of log data or other cybersecurity monitoring activities are performed, at least in an ad hoc manner
Context and Guidance: Regular review and audit of event logs (manually or by automated tools) is a critical monitoring activity that is essential for situational awareness (e.g., through the detection of cybersecurity events or weaknesses). For example, logs may provide data about changes in the user environment that can necessitate changes in access privileges, or they may trigger alerts when systems important to the delivery of the function are unavailable. Another example is virtualised assets that are unintentionally powered off, deleted, or "resource exhausted": these may trigger alerts so that administrators are aware of system updates or patches that may not have been applied to these systems while they were offline or unable to respond.
Related Practices:
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-2a, SITUATION-2b, SITUATION-2c, SITUATION-2f, SITUATION-2g.