RA-05(08) Review Historic Audit Logs
Review historic audit logs to determine if a vulnerability identified in a ra-05.08_odp.01 has been previously exploited within an ra-05.08_odp.02.
| Parameter ID | Definition |
|---|---|
| ra-05.08_odp.01 | system |
| ra-05.08_odp.02 | time period |
Baselines
- L Not selected
- M Not selected
- H Not selected
- P Not selected
Guidance
Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.