Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Log collection and regular review are useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logs may be the only evidence of a successful attack. CIS Control 8 emphasizes the need for centralized collection, storage, and standardization to better coordinate audit log reviews. Some industries have regulatory bodies that require the collection, retention, and review of logs, so CIS Control 8 is not only important but, in some cases, mandatory.
The Control is composed of twelve safeguards, mostly in the IG2 category, with Protect or Detect security functions that all organizations with enterprise assets should implement. Audit logs should capture detailed information about (1) what event happened, (2) what system the event happened on, (3) what time the event happened, and (4) who caused the event to happen. Alerts should be set for suspicious
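As an added example (not part of the original article), the following Python snippet normalizes two constructed records from hypothetical sources (a Windows-style JSON event and a Linux syslog line) onto the common schema of the four elements above, so that a centralized review can flag records that lack any of them. The field names, hosts, and users are invented for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records: a JSON event from a Windows-style collector and
# a syslog-style line from a Linux host. The third record lacks the actor.
SAMPLE_RECORDS = [
    '{"EventID": 4624, "Computer": "ws01.example.internal", '
    '"TimeCreated": "2024-03-01T09:15:02Z", "SubjectUserName": "alice"}',
    "Mar  1 09:16:10 srv02 sshd[1187]: Accepted publickey for bob from 10.0.0.5 port 52211 ssh2",
    '{"EventID": 4672, "Computer": "ws01.example.internal", "TimeCreated": "2024-03-01T09:15:03Z"}',
]

# The four elements every audit record should carry: what, where, when, who.
REQUIRED = ("what", "where", "when", "who")

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>\w+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_USER_RE = re.compile(r"for (?P<user>\S+) from")


def normalize(raw, year=2024):
    """Map one raw record onto the common schema; missing elements stay None."""
    event = {k: None for k in REQUIRED}
    if raw.startswith("{"):
        obj = json.loads(raw)
        event["what"] = f"windows-event-{obj['EventID']}" if "EventID" in obj else None
        event["where"] = obj.get("Computer")
        if obj.get("TimeCreated"):
            ts = datetime.fromisoformat(obj["TimeCreated"].replace("Z", "+00:00"))
            event["when"] = ts.astimezone(timezone.utc).isoformat()  # standardize on UTC
        event["who"] = obj.get("SubjectUserName")
    else:
        m = SYSLOG_RE.match(raw)
        if m:
            # Syslog timestamps carry no year or zone: assume the given year and UTC.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            event["when"] = ts.replace(tzinfo=timezone.utc).isoformat()
            event["where"] = m["host"]
            event["what"] = f"{m['prog']}: {m['msg']}"
            user = SSH_USER_RE.search(m["msg"])
            event["who"] = user["user"] if user else None
    return event


def missing_elements(event):
    """Return the names of the required elements a normalized record lacks."""
    return [k for k in REQUIRED if event[k] is None]


def review(raw_records):
    """Normalize each record and pair it with the list of elements it is missing."""
    return [(ev, missing_elements(ev)) for ev in map(normalize, raw_records)]
```

Records that come back with a non-empty missing list are the ones a log review cannot attribute or place in time, which is exactly what a collection pipeline should flag.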