6.6: Deploy SIEM or Log Analytic Tools
Deploy Security Information and Event Management (SIEM) or log analytic tools for log correlation and analysis.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 2.4: Track Software Inventory Information
Inputs
Install location of SIEM or log analytic tool
The number of log producers correlated by a SIEM
The total number of log producers
Operations
N/A
Measures
M1 = 1 if a SIEM or other log analytics tool is installed/present; 0 otherwise
M2 = Count of log producers correlated by a SIEM
M3 = Count of log producers
M4 = List of log producers correlated by a SIEM
M5 = List of log producers not correlated by a SIEM
Metrics
Quality of SIEM Correlation
Metric |
The ratio of log producers correlated by a SIEM to the total number of log producers
|
Calculation |
|