AU.L2-3.3.3
AU.L2-3.3.3: Audit Review, Analysis, and Reporting
Regularly review and analyze audit logs to identify security events, then report findings to management.
AU.L2-3.3.4
Alerting When Audit Logging Fails: AU.L2-3.3.4 Guide
Alert system administrators and security personnel immediately when audit logging or analysis failures occur.
AU.L2-3.3.5
Log Correlation Across Systems: AU.L2-3.3.5 Guide
Correlate audit data from multiple sources to identify patterns and complex attack sequences that individual logs cannot detect.
AU.L2-3.3.6
Audit Log Filtering and Reporting: AU.L2-3.3.6 Guide
Create tools and processes to filter audit logs and generate reports that focus on security-relevant events rather than routine system activity.
AU.L2-3.3.7
AU.L2-3.3.7: Authoritative Time Source
Synchronize all system clocks to a reliable, authoritative time source so audit logs are trustworthy and events can be correlated accurately.
AU.L2-3.3.8
Protecting Audit Logs from Tampering: AU.L2-3.3.8 Guide
Protect audit logs from unauthorized access, modification, and deletion to preserve their integrity as evidence.
AU.L2-3.3.9
AU.L2-3.3.9: Audit Management
Limit audit log management functions (configuration, deletion, archival) to authorized individuals to prevent tampering.