Given the rise in malicious actors using Living Off the Land (LOTL) techniques, such as Living Off the Land binaries (LOLBins) and fileless malware, it is more important than ever to implement and maintain an effective event logging program.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the FBI, the NSA, and international partners, has released a comprehensive guide on Best Practices for Event Logging and Threat Detection. The guide is designed to help organizations establish a robust baseline for event logging, which is crucial for detecting and mitigating malicious cyber threats.
We strongly encourage senior IT decision-makers, OT operators, network administrators, network operators, and critical infrastructure organizations in both the public and private sectors to review the best practices outlined in this guide. Implementing these recommended actions can significantly enhance your ability to detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.
For more detailed information on LOTL techniques, please refer to the joint guidance on Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series. Additionally, for further guidance on event logging and threat detection, explore CISA’s Secure Cloud Business Applications (SCuBA) products, the network traffic analysis tool Malcolm, and Logging Made Easy.