The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications: [organization-defined activities that trigger alerts].
Supplemental
This control enhancement focuses on the security alerts generated by organizations and transmitted using automated means. In contrast to the alerts generated by information systems in SI-4 (5), which tend to focus on information sources internal to the systems (e.g., audit records), the sources of information for this enhancement can include other entities as well (e.g., suspicious activity reports, reports on potential insider threats).