DE — Detect
11 outcomes in the Detect function
DE.CM-01Networks and network services are monitored to find potentially adverse events
DE.CM-02The physical environment is monitored to find potentially adverse events
DE.CM-03Personnel activity and technology usage are monitored to find potentially adverse events
DE.CM-06External service provider activities and services are monitored to find potentially adverse events
DE.CM-09Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events
DE.AE-02Potentially adverse events are analyzed to better understand associated activities
DE.AE-03Information is correlated from multiple sources
DE.AE-04The estimated impact and scope of adverse events are understood
DE.AE-06Information on adverse events is provided to authorized staff and tools
DE.AE-07Cyber threat intelligence and other contextual information are integrated into the analysis
DE.AE-08Incidents are declared when adverse events meet the defined incident criteria