To define and identify security-relevant events and the data to be collected and communicated as determined by policy, regulation, or risk analysis to support identification of those security-relevant events.
Sources:
NISTIR 7497