CMMC Practice IR.2.093
Detect and report events.
Bold Coast Security Guidance
Your Incident Response Plan (IRP) should list likely ways in which you can detect events, or how they will be reported. The list may include your SIEM, anti-malware alerts, human notifications of a possible incident, or security alarms.
The next practice discusses who is responsible to reviewing these alerts and reports, so keep that in mind.
CERT RMM V1.2
The monitoring, identification, and reporting of events are the foundation for incident identification and commence the incident life cycle. Events potentially affect the productivity of organizational assets and, in turn, associated services. These events must be captured and analyzed so that the organization can determine whether an event will become (or has become) an incident that requires organizational action. The extent to which an organization can identify events improves its ability to manage and control incidents and their potential effects.