Definitions[edit | edit source]
An event is
Overview[edit | edit source]
Events include a user connecting to a file share, a server receiving a request for a web page, a user sending email, and a firewall blocking a connection attempt. They "[s]ometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring."
References[edit | edit source]
- NIST Special Publication 800-61 (rev. 1), Glossary, at D-1; NIST Special Publication 800-150, at 59.
- Practices for Securing Critical Information Assets, Glossary, at 54.
- Federal Automated Vehicles Policy: Accelerating the Next Revolution In Roadway Safety, at 84.
- NIST Special Publication 800-61 (rev. 2), at 2.
- NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).