CISA Advisory: ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats.

The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries (LOLBins) and fileless malware, highlights the importance of implementing and maintaining an effective event logging program.

 CISA encourages public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement recommended actions. These actions can help detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.

For more information on LOTL techniques, see joint guidance Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series.

For more information and guidance on event logging and threat detection, see CISA’s Secure Cloud Business Applications (SCuBA) products, network traffic analysis tool Malcom, and Logging Made Easy.



This alert was originated from: Cybersecurity & Infrastructure Security Agency ( CISA )

https://www.cisa.gov/news-events/alerts/2024/08/21/asds-acsc-cisa-fbi-and-nsa-support-international-partners-release-best-practices-event-logging-and

  • Ricardo Alonso

    Related Posts

    Adobe security advisory (AV24–511) – Canadian Centre for Cyber Security

    Serial number: AV24-511Date: September 10, 2024 On September 10, 2024, Adobe published security advisories to address vulnerabilities in the following products: Acrobat DC – versions 24.003.20054 and prior (Windows), version 24.002.21005 and…

    CISA Advisory: Citrix Releases Security Updates for Citrix Workspace App for Windows

    This alert was originated from: Cybersecurity & Infrastructure Security Agency ( CISA ) Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Adobe security advisory (AV24–511) – Canadian Centre for Cyber Security

    Adobe security advisory (AV24–511) – Canadian Centre for Cyber Security

    CISA Advisory: Citrix Releases Security Updates for Citrix Workspace App for Windows

    CISA Advisory: Citrix Releases Security Updates for Citrix Workspace App for Windows

    Microsoft security advisory – September 2024 monthly rollup (AV24-510)

    Microsoft security advisory – September 2024 monthly rollup (AV24-510)

    SAP security advisory – September 2024 monthly rollup (AV24-506)

    SAP security advisory – September 2024 monthly rollup (AV24-506)

    [Control systems] CISA ICS security advisories (AV24-500)

    [Control systems] CISA ICS security advisories (AV24-500)

    Red Hat security advisory (AV24-502)

    Red Hat security advisory (AV24-502)