CyFun Basic | Detect
DE.AE-3: Event data collection
Event data are collected and correlated from multiple sources and sensors
DETECT | DE.AE-3 | Key Measure
Requirement
The activity logging functionality of protection/detection hardware or software (e.g. firewalls, anti-virus) shall be enabled, backed up and reviewed.
Our Implementation
Security event data is collected from multiple sources across the platform:
- Authentication events: Supabase Auth captures login successes, failures, session creation, and token refresh events
- Application monitoring: PostHog collects user behaviour events, feature flag evaluations, and application error tracking
- Background job execution: Trigger.dev logs task execution, failures, and retry events
Alerts are centralised in dedicated Slack channels where data errors, Better Stack uptime alerts, and application errors are routed for real-time developer notification. All developers have mobile notifications enabled on these channels, ensuring immediate awareness of incidents. Event data includes timestamps, user identifiers, action types, and source information.
Gaps / Planned improvements:
- No centralised SIEM or event correlation platform (NEX-371)
- Events from different sources are not automatically correlated (NEX-371)
Evidence
Partially Implemented | L2 — Repeatable