checklist for audit log review, name, time & date, detect anomalies, abnormal events, potential trea

Identification

Detection of Anomalies

Abnormal Events

  • Check login logs for failed attempts.
  • Count occurrences for each user account.
  • Compare against established thresholds.
  • Investigate accounts surpassing limits.
  • Document findings and potential risks.
  • Review file access logs.
  • Look for unusual access times or patterns.
  • Check for modifications of critical files.
  • Assess user permissions for anomalies.
  • Report unauthorized access or changes.
  • Gather alerts generated by the system.
  • Categorize alerts based on severity.
  • Investigate alerts for authenticity.
  • Cross-reference alerts with user activity.
  • Escalate significant incidents to management.
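
The failed-login items at the top of this list (count failures per account, compare against a threshold, document what was found), as an added example that is not part of the original checklist. It assumes OpenSSH-style syslog lines with ISO timestamps; the threshold, window and sample log are constructed for illustration, and counting inside a sliding window goes slightly beyond the list so that a burst is distinguished from slow background failures.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed OpenSSH syslog format, documentation IPs).
SAMPLE_LOG = """\
2024-05-01T02:10:01 host1 sshd[811]: Failed password for alice from 198.51.100.7 port 50122 ssh2
2024-05-01T02:10:20 host1 sshd[811]: Failed password for alice from 198.51.100.7 port 50122 ssh2
2024-05-01T02:10:41 host1 sshd[812]: Failed password for alice from 198.51.100.7 port 50130 ssh2
2024-05-01T02:11:05 host1 sshd[812]: Failed password for alice from 198.51.100.7 port 50130 ssh2
2024-05-01T02:11:30 host1 sshd[813]: Failed password for alice from 203.0.113.9 port 41000 ssh2
2024-05-01T03:00:00 host1 sshd[820]: Failed password for invalid user admin from 203.0.113.9 port 41001 ssh2
2024-05-01T09:00:00 host1 sshd[900]: Failed password for bob from 192.0.2.15 port 60001 ssh2
2024-05-01T09:00:30 host1 sshd[900]: Accepted password for bob from 192.0.2.15 port 60001 ssh2
2024-05-01T11:30:00 host1 sshd[901]: Failed password for bob from 192.0.2.15 port 60002 ssh2
2024-05-01T14:00:00 host1 sshd[902]: Failed password for bob from 192.0.2.15 port 60003 ssh2
2024-05-01T16:45:00 host1 sshd[903]: Failed password for bob from 192.0.2.15 port 60004 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
THRESHOLD = 3                  # assumed limit; use your established threshold
WINDOW = timedelta(minutes=5)  # assumed window for counting a burst

def accounts_over_threshold(text, threshold=THRESHOLD, window=WINDOW):
    """Return findings for accounts with more than `threshold` failures in any window."""
    by_user = defaultdict(list)
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            by_user[m["user"]].append((datetime.fromisoformat(m["ts"]), m["ip"]))
    findings = {}
    for user, events in by_user.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            # Slide the window: drop events older than `window` before this one.
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            findings[user] = {"total_failures": len(events), "peak_in_window": peak,
                              "sources": sorted({ip for _, ip in events})}
    return findings

if __name__ == "__main__":
    print(accounts_over_threshold(SAMPLE_LOG))
```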

Potential Threats

Documentation and Reporting