8.6: Centralize Anti-Malware Logging
Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.
Asset Type | Security Function | Implementation Groups
---|---|---
Devices | Detect | 2, 3
Dependencies
Sub-control 2.1: Maintain Inventory of Authorized Software
Sub-control 5.1: Establish Secure Configurations
Inputs
Input 1: List of software instances (anti-malware software, anti-malware administration tools, and event log servers) that need to be configured to properly send, receive, and log malware detection events.
Input 2: Approved configuration(s) for anti-malware software, anti-malware administration tools, and event log servers that ensure malware detection events are properly sent, received, and logged.
Input 3: The total number of malware detection events (M5).
Input 4: The number of alerts being correlated in a central service (M6).
Operations
For each software instance in Input 1, check whether it is configured according to the appropriate approved configuration(s) in Input 2.
Create a list of the software instances that are properly configured (M1).
Create a list of the software instances that are not properly configured (M2), noting where each deviates from the approved configuration.
Measures
M1 = List of software instances that are properly configured for the sending/receiving of malware detection events (compliant list)
M2 = List of software instances that are not properly configured for the sending/receiving of malware detection events (non-compliant list)
M3 = Count of properly configured software instances (count of M1)
M4 = Total count of software instances that need to be configured to properly send/receive malware detection events (count of Input 1)
M5 = Count of malware detection events
M6 = Count of alerts being correlated in a central service
Metrics
Coverage

Metric | Calculation
---|---
Ratio of properly configured software instances for sending/receiving malware detection events | M3 / M4

Quality

Metric | Calculation
---|---
Quality of log correlation/aggregation for anti-malware (share of detection events that arrive as correlated alerts in the central service) | M6 / M5
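The following is an added worked example of the Operations, Measures and Metrics above; it is not part of the CIS companion text. It compares a constructed inventory of software instances (Input 1) against constructed approved configuration profiles (Input 2), produces the compliant and non-compliant lists (M1, M2) with the deviating settings noted, and computes the coverage ratio M3 / M4 and the quality ratio M6 / M5 from constructed counts (M5, M6). The role names and configuration field names (forwarding, log_server, port, protocol, listener_port, retention_days) are assumptions chosen for the example, not settings of any particular product.

```python
"""Worked example for CIS sub-control 8.6 measurement (added illustration).

All inventory entries, approved profiles and event counts below are
constructed sample data. Field names are assumptions for the example.
"""

# Input 2: approved configuration, one profile per software role.
APPROVED = {
    "anti-malware agent": {"forwarding": True, "log_server": "siem.example.internal",
                           "port": 6514, "protocol": "tls"},
    "anti-malware console": {"forwarding": True, "log_server": "siem.example.internal",
                             "port": 6514, "protocol": "tls"},
    "event log server": {"listener_port": 6514, "protocol": "tls", "retention_days": 90},
}

# Input 1: constructed inventory of software instances and their observed settings.
INVENTORY = [
    {"host": "ws-0101", "role": "anti-malware agent",
     "config": {"forwarding": True, "log_server": "siem.example.internal",
                "port": 6514, "protocol": "tls"}},
    {"host": "ws-0102", "role": "anti-malware agent",            # forwarding switched off
     "config": {"forwarding": False, "log_server": "siem.example.internal",
                "port": 6514, "protocol": "tls"}},
    {"host": "srv-av01", "role": "anti-malware console",         # pointed at the wrong collector
     "config": {"forwarding": True, "log_server": "10.0.0.5", "port": 514, "protocol": "udp"}},
    {"host": "siem01", "role": "event log server",
     "config": {"listener_port": 6514, "protocol": "tls", "retention_days": 90}},
]

# Inputs 3 and 4: constructed counts for the measurement period.
M5_DETECTION_EVENTS = 240   # detection events raised by all agents and consoles
M6_CENTRAL_ALERTS = 180     # of those, alerts correlated in the central service


def deviations(observed, approved):
    """Return {setting: (observed, approved)} for each approved setting that
    is missing from or differs in the observed configuration."""
    return {k: (observed.get(k), v) for k, v in approved.items() if observed.get(k) != v}


def assess(inventory, approved):
    """Operations 1-3: split the inventory into the compliant list (M1, host
    names) and the non-compliant list (M2, with the deviating settings)."""
    m1, m2 = [], []
    for inst in inventory:
        profile = approved.get(inst["role"])
        if profile is None:
            # No approved profile for this role: count it as non-compliant and
            # record the missing profile as the deviation.
            m2.append({"host": inst["host"], "role": inst["role"],
                       "deviations": {"approved profile": (None, "missing")}})
            continue
        diff = deviations(inst["config"], profile)
        if diff:
            m2.append({"host": inst["host"], "role": inst["role"], "deviations": diff})
        else:
            m1.append(inst["host"])
    return m1, m2


def metrics(inventory, approved, m5, m6):
    """Measures M1-M6 plus the two metrics: coverage = M3 / M4, quality = M6 / M5."""
    m1, m2 = assess(inventory, approved)
    m3, m4 = len(m1), len(inventory)
    return {
        "M1": m1, "M2": m2, "M3": m3, "M4": m4, "M5": m5, "M6": m6,
        "coverage": m3 / m4 if m4 else 0.0,
        "quality": m6 / m5 if m5 else 0.0,
    }


if __name__ == "__main__":
    r = metrics(INVENTORY, APPROVED, M5_DETECTION_EVENTS, M6_CENTRAL_ALERTS)
    print(f"Coverage M3/M4 = {r['M3']}/{r['M4']} = {r['coverage']:.2f}")
    print(f"Quality  M6/M5 = {r['M6']}/{r['M5']} = {r['quality']:.2f}")
    for entry in r["M2"]:
        print(f"non-compliant: {entry['host']} ({entry['role']}): {entry['deviations']}")
```

With the sample data, two of four instances are compliant (coverage 0.50) and 180 of 240 detection events were correlated centrally (quality 0.75). The quality ratio compares counts only; where the anti-malware console and the event log server both expose event identifiers, matching those identifiers end to end is a stronger check than comparing totals, since it also catches duplicates and events that arrive at the collector but never become alerts.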