https://www.dnsstuff.com/free-siem-tools
This article lists Security Information and Event Management (SIEM) tools that provide log analysis and correlation of events. Caveat: Open source tools may be sufficient for some small companies, but they do not provide support and may offer only a limited feature set. Most of these open source solutions offer a paid option as well. If you try one and like it, upgrading to the paid option to gain support and features is easy.
https://www.dnsstuff.com/free-log-management-tools
This link provides a list of no-cost or low-cost log management tools.
https://cmmccompliancesecrets.com/from-logs-to-action-making-sense-of-cmmc-control-au-l2-3-3-5/
This article discusses the importance of collecting logs, explains why CMMC Control AU.L2-3.3.5 is important, and provides helpful resources for becoming compliant.
https://help.ubuntu.com/community/Logwatch
This document from Ubuntu discusses Logwatch, a tool that will monitor your server's logs and email the administrator a digest on a daily basis.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
This NIST Special Publication provides practical guidance on developing and maintaining effective log management practices.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd346db979178897d/5e9dfdd5dac81811514a1b08/information_logging_standard.pdf
This policy from SANS helps identify requirements that must be met by a system to generate logs.
https://www.sans.org/white-papers/33528
This SANS whitepaper outlines common elements of successful log management, in order to prepare for regulatory compliance audits.
https://www.techtarget.com/searchsecurity/tip/Security-log-management-and-logging-best-practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
US-CERT – CRR Supplemental Resource Guide, Volume 5: Incident Management
3.3 3.3.5 Audit and Accountability
https://www.cisa.gov/uscert/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-IM.pdf
US-CERT resource that provides information on how to create, test and improve an Incident Management plan.
https://www.youtube.com/watch?v=Fo33lEWkqO4&list=PLstjectj9BFgWGjHn4y2oygN34oFpSPjR&index=56
In this video, Mike dives into CMMC 2.0 Control IR.L2-3.6.1. This control is all about being prepared, having a written and practiced plan in place so that your entire team knows exactly what to do when an attack happens.