DE.CM-1
The network is monitored to detect potential cybersecurity events
Detect · Continuous Monitoring
Semi-Automated
Compliance Score: 65% (Partially Compliant)
Documentation Maturity: 3/5 (Target: 2.5)
Implementation Maturity: 3/5 (Target: 2.5)
Control Description
Network monitoring tools are deployed to detect anomalous activity, unauthorized connections, and potential intrusions at both the perimeter and endpoint level.
Microsoft Graph API Endpoints Used
GET /deviceManagement/deviceCompliancePolicies
GET /security/alerts_v2
Required Permissions
DeviceManagementConfiguration.Read.All
SecurityAlert.Read.All
Findings (1)
13/20 items compliant
| Severity | Finding | Recommendation |
|---|---|---|
| medium | Improvement needed: The network is monitored to detect potential cybersecurity events. Current implementation does not fully meet the requirements of DE.CM-1. | Deploy endpoint detection via Microsoft Defender for Endpoint. Enable network-level monitoring through firewall logs. Configure alerts for anomalous traffic patterns. Review network security alerts daily. |
Remediation Guidance
Deploy endpoint detection via Microsoft Defender for Endpoint. Enable network-level monitoring through firewall logs. Configure alerts for anomalous traffic patterns. Review network security alerts daily.