3.3.5. Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
Guides
- NIST SP 800-92 - Guide to Computer Security Log Management
- SANS Institute - Successful SIEM and Log Management Strategies for Audit and Compliance
- Randy Franklin Smith's Ultimate Windows Security - February, 2017
- DFAR is Here, Are You Ready?
- DFARS Self-Reporting with Splunk
Sample Policy & Procedures
- Norfolk State University - Administrative Policy # 32 – 8 – 306 (2014) Audit Review, Analysis, and Reporting
- SANS Institute - Information Logging Standard
Videos
- BrightTALK - Log Management: Achieving Compliance Objectives
- BrightTALK - Universal Log Management – How Much Information is Too Much?
- BrightTALK - Rev up Your SIEM
- DFARS Self-Reporting with Splunk Enterprise