New event logging, threat detection unveiled by US, allies

SecurityWeek reports that escalating cybersecurity threats have prompted the U.S., Canada, Japan, Korea, Singapore, New Zealand, the UK, and the Netherlands to release joint event logging and threat detection guidance for medium and large organizations. The guidance emphasizes the shared responsibilities of organizations and their service providers, as well as the importance of log monitoring and log details in crafting logging policies.

The guidance recommends structured log formats across systems and urges organizations to prioritize the types of events they log and to ensure that logs carry accurate timestamps, device identifiers, executed commands, autonomous system numbers, and unique event identifiers to better aid incident response efforts. "Useful event logs enrich a network defender's ability to assess security events to identify whether they are false positives or true positives. Implementing high-quality logging will aid network defenders in discovering [living-off-the-land] techniques that are designed to appear benign in nature," said the document.
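As an added illustration (not code from the guidance or from this article), the following Python script audits JSON-lines events for the details listed above: a timezone-aware timestamp, a device identifier, the executed command, an autonomous system number, and a unique event identifier. The key names and the sample events are assumptions constructed for this example.

```python
import json
from datetime import datetime

# Hypothetical key names for the details the guidance lists; map them to your own schema.
REQUIRED = ("timestamp", "event_id", "device_id", "command", "asn")

def audit_events(lines):
    """Return {line_number: [problems]} for JSON-lines events that fall short."""
    findings, seen_ids = {}, {}
    for n, line in enumerate(lines, 1):
        problems = []
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            findings[n] = ["not structured JSON"]
            continue
        if not isinstance(event, dict):
            findings[n] = ["not a JSON object"]
            continue
        for key in REQUIRED:
            if event.get(key) in (None, ""):
                problems.append(f"missing {key}")
        ts = event.get("timestamp")
        if ts:
            try:
                # Accept a trailing "Z" and require an explicit UTC offset.
                parsed = datetime.fromisoformat(str(ts).replace("Z", "+00:00"))
                if parsed.tzinfo is None:
                    problems.append("timestamp has no UTC offset")
            except ValueError:
                problems.append("timestamp is not ISO 8601")
        eid = event.get("event_id")
        # setdefault records the first line that used this id; a later line is a duplicate.
        if eid and seen_ids.setdefault(str(eid), n) != n:
            problems.append(f"event_id duplicates line {seen_ids[str(eid)]}")
        if problems:
            findings[n] = problems
    return findings

# Constructed sample events (not real logs); ASN 64500 is reserved for documentation.
SAMPLE = [
    '{"timestamp":"2024-08-22T10:15:30Z","event_id":"e-1","device_id":"ws-042","command":"whoami /all","asn":64500}',
    '{"timestamp":"2024-08-22 10:15:31","event_id":"e-2","device_id":"ws-042","command":"net user","asn":64500}',
    '{"timestamp":"22/08/2024 10:15","event_id":"e-2","device_id":"","command":"ipconfig","asn":64500}',
    'Aug 22 10:15:33 ws-042 sshd[811]: session opened',
]

if __name__ == "__main__":
    for line_no, problems in audit_events(SAMPLE).items():
        print(line_no, "; ".join(problems))
```

Run against a sample of each log source, it shows which feeds would leave an incident responder unable to order events across systems or tie a command to a device.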
