1. Monitoring Computing Resources

包括繼續監視系統、應用程式佮基礎設施，來辨識佮回應可能會出現威脅。

• Log files：文字檔，紀錄發生過的事件。
• Security logs：紀錄所有授權佮無授權的 access。
• Systems monitors：
• Application monitors：
• Infrastructure monitors：Infrastructure 包括網路、資料庫、雲端服務。
  Simple Network Management Protocol(SNMP)：
  • SNMP agents
  • SNMP managers
  • SNMP traps
  • Network Management System(NMS)
    其他監視裝置有 Network Intrusion Detection Systems(NIDSs) 佮 Network Intrusion Prevention Systems(NIPSs)
  • Network Intrusion Detection Systems(NIDSs)：
    • Traffic analysis
    • Alerts and notifications
    • Passive role
  • Network Intrusion Prevention Systems(NIPSs)：
    • Real-time analysis and action
    • Blocking threats
    • Policy enforcement
    • Reducing attack surface
    • Alerts and reporting

2. Activies

五个 alerting and monitoring 的基本 Activies：

• Log aggregation：
  Security Information and Even Management(SIEM) system
• Alerting
• Scanning
• Reporting：
  主要元素：
  • Customizable dashboards：
    • SolarWinds Network Performance Monitor(NPM)
    • The Cisco Digital Network Architecture Center(Cisco DNA Center)
  • Compliance reporting
  • Executive summaries
• Archiving

3. Alert Response and Remediation/Validation

• Quarantine：
  • Automated response
  • Manual intervention
  • Isolation duration
• Alert tuning

4. Tools

• Security Content Automation Protocol(SCAP)：
  • Open Vulnerability and Assessment Language(OVAL)
  • Extensible Configuration Checklist Description Format(XCCDF)
• Benchmarks
• Agents/Agentless
• Security Information and Event Management(SIEM)
  重要功能：
  • Data collection
  • Data aggregation
  • SIEM correlation
  • Alerting and reporting
• Antivirus
• Data Loss Prevention(DLP)
• Simple Network Management Protocol(SNMP) Traps
• NetFlow
• Vulnerability Scanners