View Resource
Best Practices for Event Logging and Threat Detection
Release Date: 08/21/2024
Organization: ASD's ACSC
Content Type: Guidance
Solution Provider Neutrality: Neutral
This joint guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries and fileless malware, highlights the importance of implementing and maintaining an effective event logging program.
The authors encourage public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement recommended actions. These Zero Trust-aligned actions can help detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.
For more information on LOTL techniques, see joint guidance Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series. For more information and guidance on event logging and threat detection, see CISA’s Secure Cloud Business Applications (SCuBA) products, network traffic analysis tool Malcom, and Logging Made Easy.