Level 2/4: Medium: Increased alertness.
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate. Security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. No changes to actual security infrastructure is required.