10.6 Review logs and security events for all system components to identify anomalies or suspicious activity.
Note: Log harvesting, parsing, and alerting tools may be used to meet this Requirement.
10.6 Perform the following: (See 10.6.#)
Many breaches occur over days or months before being detected. Checking logs daily minimizes the amount of time and exposure of a potential breach.
Regular log reviews by personnel or automated means can identify and proactively address unauthorized access to the cardholder data environment.
The log review process does not have to be manual. The use of log harvesting, parsing, and alerting tools can help facilitate the process by identifying log events that need to be reviewed.