Some context here - When I go to ESCU app and filter down the analytical stories based on CIS control 4, it shows me 6 stories all of which specifically address a certain use case. But I am having trouble understanding how a usecase is relevant to CIS 4 control.
Take for e.g. Spectre And Meltdown Vulnerabilities maps to control 4.
The only relevant sub-controls under 4 that can be detected using ES I found were:
Log and Alert on Changes to Administrative Group Membership and Log and Alert on Unsuccessful Administrative Account Login.
Can anyone please help understand how is the analytical story relevant to