Audit and Accountability - Level 4
CMMC AU.4.054 - Review Audit Activity
Requirement text: AU.4.054: Review audit information for broad activity in addition to per-machine activity. DISCUSSION FROM SOURCE: CMMC The full scope of adversary activity may not be apparent from analyzing a single machine. A broad perspective is ...
CMMC AU.4.053 - Automate Log Analysis
Requirement text: AU.4.053: Automate analysis of audit logs to identify and act on critical indicators (TTPs) and/or organizationally defined suspicious activity. DISCUSSION FROM SOURCE: CMMC Adversary activity typically leaves indications in audit ...