DE.AE-02 - Analyzing Adverse Events for Insights

DE.AE-02 focuses on analyzing potentially adverse events to understand their nature, using tools like SIEM systems to examine log events for malicious or suspicious activity. This includes leveraging cyber threat intelligence to characterize threat actors, tactics, and indicators of compromise, supplemented by manual reviews where automation falls short. This analysis turns raw detections into actionable insights.

This subcategory improves detection accuracy by providing detailed context about event origins and methods, supporting informed response decisions. It ensures thorough analysis across all technologies, aligning efforts with risk priorities. DE.AE-02 bridges monitoring and incident characterization for effective threat management.
