ASD’s ACSC, CISA, FBI, NSA and International Partners Release Best Practices for Event Logging and Threat Detection



The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), along with CISA, FBI, NSA and international partners, has released a comprehensive guide, Best Practices for Event Logging and Threat Detection. The guide is designed to help organisations establish a robust baseline for event logging, which is crucial for detecting and mitigating malicious cyber activity.

Given the rise in malicious actors using living off the land (LOTL) techniques, such as living off the land binaries (LOLBins) and fileless malware, it is more important than ever to implement and maintain an effective event logging programme.

We strongly encourage senior IT decision-makers, OT operators, network administrators, network operators, and critical infrastructure organisations in both the public and private sectors to review the best practices outlined in this guide. Implementing these recommended actions can significantly enhance your ability to detect malicious activity, behavioural anomalies, and compromised networks, devices, or accounts.

For more detailed information on LOTL techniques, please refer to the joint guidance on Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series. For further guidance on event logging and threat detection, explore CISA’s Secure Cloud Business Applications (SCuBA) products, the network traffic analysis tool Malcolm, and Logging Made Easy.

Spry Squared is committed to helping you stay ahead of cyber threats and ensuring your organisation’s security posture is robust and resilient.