DE.AE-02—Potentially adverse events are analyzed to better understand associated activities
Control Description
This adverse event analysis subcategory ensures that potentially adverse events are analyzed to better understand associated activities. Key activities include: Use security information and event management (SIEM) or other tools to continuously monitor log events for known malicious and suspicious activity; Utilize up-to-date cyber threat intelligence in log analysis tools to improve detection accuracy and characterize threat actors, their methods, and...; Regularly conduct manual reviews of log events for technologies that cannot be sufficiently monitored through automation.
Cross-Framework Mappings
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
LOG-03
LOG-05
SEF-05
SEF-06
UEM-09
CIS Controls v8.0
8.11
CIS Controls v8.1
8.11
CRI Profile v2.0
DE.AE-02
DE.AE-02.01
DE.AE-02.02
CSF v1.1
DE.AE-2
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.24
Annex A Controls: 5.25
NICE Framework
DD-WRL-008
IO-WRL-006
PD-WRL-001
PD-WRL-005
PD-WRL-006
PD-WRL-007
PCI DSS
10.2.1
10.4.1
10.4.2.1
10.3.3
10.3.4
6.3.1
SCF
IRO-02
IRO-02.4
SP 800-171 Rev 3
03.03.05
03.06.01
03.12.03
03.14.06
SP 800-53 Rev 5.1.1
AU-06
CA-07
IR-04
SI-04
SP 800-53 Rev 5.2.0
AU-06
CA-07
IR-04
SI-04