Maintenance, Monitoring & Analysis of Audit Logs
CIS Control 6
Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
Why is this Critical?
An organization that neither monitors nor analyzes its security audit logs will probably have a hard time detecting, understanding, or recovering from an attack. This CIS Control is focused on proper log management practices to give you the data needed about the who, what, where, when and how of an event in question. A managed solution can help organizations monitor their logs on a 24/7 basis, correlate them, and identify potential security incidents.