
SI-4(2) System Monitoring | Automated Tools and Mechanisms for Real-time Analysis

Applicable impact levels: IL4 Mod, IL4 High, IL5, IL6

>Control Description

Employ automated tools and mechanisms to support near real-time analysis of events.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Automated tools and mechanisms include host-based, network-based, transport-based, or storage-based event monitoring tools and mechanisms or security information and event management (SIEM) technologies that provide real-time analysis of alerts and notifications generated by organizational systems. Automated monitoring techniques can create unintended privacy risks because automated controls may connect to external or otherwise unrelated systems. The matching of records between these systems may create linkages with unintended consequences.

Organizations assess and document these risks in their privacy impact assessment and make determinations that are in alignment with their privacy program plan.

>Programmatic Queries


Related Services

Amazon GuardDuty
AWS Security Hub
Amazon CloudWatch

CLI Commands

List GuardDuty finding IDs updated since a cutoff (epoch milliseconds; 1609459200000 is 2021-01-01T00:00:00Z, so substitute a recent value for near real-time use). list-findings returns IDs only; pass them to get-findings for severity, type and affected resource. Obtain the detector ID with aws guardduty list-detectors. The Gte condition key is still accepted; GreaterThanOrEqual is its current name.
aws guardduty list-findings --detector-id <detector-id> --finding-criteria '{"Criterion":{"updatedAt":{"Gte":1609459200000}}}'
List Security Hub insights (saved finding groupings) with the filters that define them
aws securityhub get-insights --query 'Insights[*].[Name,Filters]'
Retrieve hourly average CPU utilization for one instance from CloudWatch (adjust the window to the period under analysis)
aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-0123456789abcdef0 --start-time 2024-01-01T00:00:00Z --end-time 2024-01-02T00:00:00Z --period 3600 --statistics Average
List the available Lambda Duration metrics (returns metric names and dimensions, not values; use get-metric-statistics or get-metric-data for the data points)
aws cloudwatch list-metrics --namespace AWS/Lambda --metric-name Duration
These queries are retrospective pulls and only support the assessment; the near real-time analysis the control asks for is provided by GuardDuty and Security Hub generating findings continuously, with CloudWatch alarms and EventBridge rules on those findings driving notification and automated response.
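The list-findings query above is a single snapshot; near real-time analysis means re-running it on a short sliding window and acting on what comes back. The script below is an added example, not part of the original page and not an AWS-provided tool. It assumes AWS CLI v2 with credentials configured, and takes the detector ID, poll window and interval from the hypothetical environment variables GD_DETECTOR_ID, GD_WINDOW_MIN and GD_POLL_S; the severity bands follow GuardDuty's documented ranges (Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0).

```shell
#!/bin/sh
# Near-real-time GuardDuty triage loop around "aws guardduty list-findings".
# Added example, not from the original page. Detector ID, poll window and
# interval are assumptions supplied through environment variables.
set -eu

# Epoch milliseconds for "now minus WINDOW minutes". NOW_S (epoch seconds)
# may be passed as a second argument so the arithmetic is reproducible.
gd_cutoff_ms() {
  window_min=$1
  now_s=${2:-$(date +%s)}
  echo $(( (now_s - window_min * 60) * 1000 ))
}

# Build the --finding-criteria JSON: a Criterion map keyed by finding field.
# Gte on updatedAt selects findings created or changed since the cutoff, so a
# repeated poll only returns new or updated findings.
gd_criteria() {
  printf '{"Criterion":{"updatedAt":{"Gte":%s}}}' "$1"
}

# Map GuardDuty's numeric severity to its documented band.
gd_severity_label() {
  awk -v s="$1" 'BEGIN {
    if (s >= 9) print "CRITICAL"; else if (s >= 7) print "HIGH";
    else if (s >= 4) print "MEDIUM"; else print "LOW" }'
}

# One poll: list matching finding IDs, then fetch the full findings.
# list-findings returns IDs only; get-findings carries severity/type/resource.
gd_poll() {
  detector=$1; cutoff=$2
  ids=$(aws guardduty list-findings --detector-id "$detector" \
        --finding-criteria "$(gd_criteria "$cutoff")" \
        --query 'FindingIds' --output text)
  [ -n "$ids" ] && [ "$ids" != "None" ] || return 0
  # IDs are whitespace separated on purpose; word splitting is intended.
  aws guardduty get-findings --detector-id "$detector" --finding-ids $ids \
    --query 'Findings[].[Severity,Type,Title,Resource.ResourceType,UpdatedAt]' \
    --output text |
  while IFS="$(printf '\t')" read -r sev type title rtype updated; do
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
      "$(gd_severity_label "$sev")" "$sev" "$type" "$rtype" "$updated" "$title"
  done
}

# Poll loop; runs only when a detector ID is supplied (assumed variable names).
if [ "${GD_DETECTOR_ID:-}" ]; then
  window=${GD_WINDOW_MIN:-15}
  while :; do
    gd_poll "$GD_DETECTOR_ID" "$(gd_cutoff_ms "$window")"
    sleep "${GD_POLL_S:-60}"
  done
fi
```

Run it as `GD_DETECTOR_ID=<detector-id> GD_WINDOW_MIN=15 GD_POLL_S=60 sh gd-poll.sh`; the window should be a little longer than the poll interval so an update landing between two polls is not missed. The output is one tab-separated line per finding, which is what you would forward to a SIEM or use to open a ticket; for production use the same logic belongs in an EventBridge rule on GuardDuty findings rather than a polling loop.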

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the use of automated tools and mechanisms for near real-time analysis of monitoring events?
  • Who is responsible for operating the monitoring and analysis tools and for acting on their output?
  • How frequently are analysis rules, alert thresholds and tool configurations reviewed and updated?

Technical Implementation:

  • What automated tools and mechanisms (host-, network-, transport- or storage-based monitors, SIEM) perform near real-time analysis of events?
  • What systems and event sources feed those tools, and how is the delay from event to alert measured?
  • How are alerts and notifications correlated, triaged and escalated, and which responses are automated?
  • Has the privacy impact of matching records across connected systems been assessed and documented, as the control discussion requires?

Evidence & Documentation:

  • Can you provide recent alerts or analysis output from the automated tools, with timestamps showing near real-time detection?
  • What logs or console records demonstrate that SI-4(2) is actively implemented?
  • Where is monitoring evidence retained, and for how long?
  • Can you provide examples of alerts and the responses taken to them?
