Environmental Protection Agency – Audit and Accountability Procedure
3.3 3.3.4 Audit and Accountability
https://www.epa.gov/system/files/documents/2023-06/information_security_audit_and_accountability_procedures.pdf
This example procedure from the EPA shows how they implement the security control requirements for the Audit and Accountability (AU) control family, as identified in NIST SP 800-53.
https://logz.io/learn/complete-guide-elk-stack/
This logz.io article defines the ELK Stack and covers its importance, installation and configuration.
https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/
SANS checklist for reviewing critical logs when responding to a security incident or for routine log review.
https://support.solarwinds.com/SuccessCenter/s/article/Audit-Policies-and-Best-Practices-for-LEM?language=en_US
Best practices for Windows audit log monitoring and the different types of Windows audit logs.