Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
DE.AE-03.2: The organisation shall ensure that event data from critical systems is collected and correlated using information from multiple relevant sources. |
|
DE.AE-03.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p157 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p104 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to enable the organisation to detect complex or distributed threats by combining and analysing event data from different systems and sources. Correlating this data helps identify patterns that may not be visible when systems are monitored in isolation. The achieve this goal, the following should be considered: - Relevant sources of event data can include system logs, audit logs, network monitoring tools, physical access records, and reports from users or administrators. - Log data should be sent continuously, ideally in real-time or near real-time, to a centralised system for storage and analysis. This improves the ability to detect patterns and respond quickly to potential issues. - Centralising logs on a small number of dedicated servers or platforms, such as a SIEM, lightweight log manage- ment tools, cloud-based logging services, or managed detection services (often part of Managed Detection and Response, or MDR), can support efficient analysis and correlation of events across systems. - Cyberthreat intelligence can be used to enhance event correlation byproviding context about known threats, attack methods, and indicators of compromise. - Threat intelligence should be securelyintegrated into detection tools and processes to support more accurate and timely identification of threats. |
|
A general note, for any purpose. |
The goal of this control is to enable the organisation to detect complex or distributed threats by combining and analysing event data from different systems and sources. Correlating this data helps identify patterns that may not be visible when systems are monitored in isolation. The achieve this goal, the following should be considered: - Relevant sources of event data can include system logs, audit logs, network monitoring tools, physical access records, and reports from users or administrators. - Log data should be sent continuously, ideally in real-time or near real-time, to a centralised system for storage and analysis. This improves the ability to detect patterns and respond quickly to potential issues. - Centralising logs on a small number of dedicated servers or platforms, such as a SIEM, lightweight log manage- ment tools, cloud-based logging services, or managed detection services (often part of Managed Detection and Response, or MDR), can support efficient analysis and correlation of events across systems. - Cyberthreat intelligence can be used to enhance event correlation byproviding context about known threats, attack methods, and indicators of compromise. - Threat intelligence should be securelyintegrated into detection tools and processes to support more accurate and timely identification of threats. |
|
A general note, for any purpose. |
The goal of this control is to enable the organisation to detect complex or distributed threats by combining and analysing event data from different systems and sources. Correlating this data helps identify patterns that may not be visible when systems are monitored in isolation. The achieve this goal, the following should be considered: • Relevant sources of event data can include system logs, audit logs, network monitoring tools, physical access records, and reports from users or administrators. • Log data should be sent continuously, ideally in real-time or near real-time, to a centralised system for storage and analysis. This improves the ability to detect patterns and respond quickly to potential issues. • Centralising logs on a small number of dedicated servers or platforms, such as a SIEM, lightweight log manage- ment tools, cloud-based logging services, or managed detection services (often part of Managed Detection and Response, or MDR), can support efficient analysis and correlation of events across systems. • Cyberthreat intelligence can be used to enhance event correlation byproviding context about known threats, attack methods, and indicators of compromise. • Threat intelligence should be securelyintegrated into detection tools and processes to support more accurate and timely identification of threats. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to enable the organisation to detect complex or distributed threats by combining and analysing event data from different systems and sources. Correlating this data helps identify patterns that may not be visible when systems are monitored in isolation. The achieve this goal, the following should be considered:</p><ul><li>Relevant sources of event data can include system logs, audit logs, network monitoring tools, physical access records, and reports from users or administrators.</li><li>Log data should be sent continuously, ideally in real-time or near real-time, to a centralised system for storage and analysis. This improves the ability to detect patterns and respond quickly to potential issues.</li><li>Centralising logs on a small number of dedicated servers or platforms, such as a SIEM, lightweight log manage- ment tools, cloud-based logging services, or managed detection services (often part of Managed Detection and Response, or MDR), can support efficient analysis and correlation of events across systems.</li><li>Cyberthreat intelligence can be used to enhance event correlation byproviding context about known threats, attack methods, and indicators of compromise.</li><li>Threat intelligence should be securelyintegrated into detection tools and processes to support more accurate and timely identification of threats.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
DE.AE-03.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Event data correlation from multiple sources |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall ensure that event data from critical systems is collected and correlated using information from multiple relevant sources. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1