Recently, several global cybersecurity agencies, led by Australia and the United States, jointly published guidelines that establish baseline standards for event logging and threat detection, in response to increasingly severe network threats.
According to reports, the guide was jointly released by cybersecurity agencies from Australia, the United States, Canada, the United Kingdom and other countries, with the aim of strengthening network monitoring, particularly of control-plane operations and changes to critical software configuration. The guidelines recommend that organizations log all API calls, user logins and administrative change events, and ensure that log data is readily accessible and analyzable. The goal is to improve organizations' ability to respond by detecting malicious activity early. In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a free, open-source log management tool to help resource-constrained organizations strengthen their network security.
As attack techniques grow more sophisticated, with complex attacks targeting control-plane operations and critical software configuration changes, and with malicious actors increasingly adopting LOTL (Living Off the Land) techniques and fileless malware, traditional network security defenses are no longer sufficient to meet current needs. Multiple cybersecurity agencies therefore decided to jointly develop and release the Event Logging and Threat Detection Guidelines to strengthen network monitoring and threat detection capabilities, so that organizations can respond more effectively by detecting malicious activity early.
Take LOTL attacks as an example. LOTL is a network attack technique also known as "fileless malware" or "LOLBins" attacks. Its core is that criminals use legitimate native tools already present on the victim's system to persist and advance the attack, without installing any additional code or scripts on the target. Because LOTL attacks are fileless, the attacker does not need to implant malicious code or script files on the target system, which reduces the risk of detection by traditional security tools. Instead, the attacker carries out the attack with legitimate tools that are in wide everyday use, making it difficult for security software to classify their behaviour as malicious.
According to those involved, the guide provides implementation recommendations for IT decision-makers, technical operations and maintenance providers, network administrators and others, to ensure the security and stability of critical systems. On event logging, the guidelines recommend that organizations log all API calls, user logins and administrative change events, and ensure that log data is readily accessible and analyzable. They emphasize the importance of optimizing the event logging strategy in order to improve the ability to detect network security events.
On threat detection capability, the guide sets out the key objectives of an effective event logging solution, including generating alerts for critical network security events, detecting potential incidents, and enabling effective incident response. It provides guidance on implementing user and entity behaviour analytics (UEBA) to improve threat detection, as well as recommendations for ensuring the security and integrity of event log storage.
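As an added example (not part of the original article or of the agencies' guidance), the following Python script illustrates why the guide asks for process creation, logon and administrative change events to be logged in an analyzable form: it runs three simple detectors over constructed Windows Security log records, a LOTL heuristic for watch-listed native binaries launched with a URL or an encoded command, a check for additions to the local Administrators group, and a UEBA-style baseline of which hosts each user normally logs on from. The event IDs (4688, 4624, 4732) are real Windows Security event IDs; the records, hosts, users, URL, the `phase` field and the watchlist are this example's own assumptions.

```python
"""Constructed example: three of the guide's detection ideas applied to
hand-written Windows Security log records.

Event IDs are real (4688 process creation, 4624 successful logon,
4732 member added to a security-enabled local group). The records,
hosts, users, URL and LOLBIN_WATCHLIST below are assumptions made for
this demo, not data from the original article."""
import re
from collections import defaultdict

# Legitimate Windows binaries commonly abused in Living-Off-the-Land
# attacks (assumption: a real deployment would maintain a curated list).
LOLBIN_WATCHLIST = {"certutil.exe", "mshta.exe", "rundll32.exe",
                    "regsvr32.exe", "wmic.exe", "powershell.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
ENCODED_RE = re.compile(r"\s-(?:e|enc|encodedcommand)\b", re.IGNORECASE)

# Constructed records. "phase" marks which events form the UEBA baseline.
# A 4688 record carries the command line only when command-line auditing
# is enabled, which is why the guide stresses configuring logging properly.
SAMPLE_EVENTS = [
    {"id": 4624, "user": "alice", "host": "WS-ALICE", "phase": "baseline"},
    {"id": 4624, "user": "bob", "host": "WS-BOB", "phase": "baseline"},
    {"id": 4624, "user": "alice", "host": "WS-ALICE", "phase": "live"},
    {"id": 4624, "user": "bob", "host": "FILESRV-01", "phase": "live"},
    {"id": 4688, "user": "alice", "host": "WS-ALICE", "phase": "live",
     "cmd": r"C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt"},
    {"id": 4688, "user": "bob", "host": "FILESRV-01", "phase": "live",
     "cmd": r"C:\Windows\System32\rundll32.exe http://example.invalid/x.dll,Go"},
    {"id": 4688, "user": "bob", "host": "FILESRV-01", "phase": "live",
     "cmd": "powershell.exe -NoProfile -EncodedCommand QQBCAEMA"},
    {"id": 4732, "user": "bob", "host": "FILESRV-01", "phase": "live",
     "group": "Administrators", "member": "svc-backup"},
]


def process_name(cmd):
    """Lower-case image name taken from the first token of a command line."""
    first = cmd.strip().split()[0] if cmd.strip() else ""
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_lotl(event):
    """LOTL heuristic: watch-listed binary started with a URL or encoded command."""
    if event["id"] != 4688:
        return None
    cmd = event.get("cmd", "")
    name = process_name(cmd)
    if name not in LOLBIN_WATCHLIST:
        return None
    reasons = []
    if URL_RE.search(cmd):
        reasons.append("url-in-args")
    if ENCODED_RE.search(cmd):
        reasons.append("encoded-command")
    return f"LOTL:{name}:{'+'.join(reasons)}" if reasons else None


def detect_admin_change(event):
    """Management change: a member was added to the local Administrators group."""
    if event["id"] == 4732 and event.get("group", "").lower() == "administrators":
        return f"ADMIN-CHANGE:{event['member']}->Administrators by {event['user']}"
    return None


def build_logon_baseline(events):
    """UEBA-style baseline: the set of hosts each user has logged on from."""
    seen = defaultdict(set)
    for e in events:
        if e["id"] == 4624 and e["phase"] == "baseline":
            seen[e["user"]].add(e["host"])
    return seen


def detect_new_logon_host(event, baseline):
    """Flag a live logon from a host never seen for that user in the baseline."""
    if (event["id"] == 4624 and event["phase"] == "live"
            and event["host"] not in baseline.get(event["user"], set())):
        return f"NEW-LOGON-HOST:{event['user']}@{event['host']}"
    return None


def run_detections(events):
    """Apply all detectors to the live events and return the alerts in order."""
    baseline = build_logon_baseline(events)
    alerts = []
    for e in events:
        if e["phase"] != "live":
            continue
        for finding in (detect_lotl(e), detect_admin_change(e),
                        detect_new_logon_host(e, baseline)):
            if finding:
                alerts.append(finding)
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Each detector depends on a different class of event the guide asks organizations to collect: the LOTL check is useless without process-creation records that include the command line, the group-membership check needs administrative change events, and the new-host check needs enough historical logon data to form a baseline. In practice the watchlist and the baseline window would be tuned to the environment, and the alerts would feed a central log platform rather than stdout.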
U.S. CISA launches LME (Logging Made Easy), a free, open-source log management tool
In addition, the U.S. CISA has launched LME (Logging Made Easy), a free, open-source log management tool intended to help small businesses and organizations without dedicated cybersecurity staff achieve basic centralized security log management and attack detection capability. By centrally managing the security logs of Windows clients, LME can help these organizations detect and respond to potential cybersecurity threats in a timely manner.
The release of this guide provides an important reference standard for event logging and threat detection in network security, and helps promote the development and improvement of related standards. For participating organizations, it means building their own network security defence capabilities: by implementing the best practices outlined in the guidelines, organizations can detect and respond to cybersecurity threats more effectively, strengthen their cybersecurity posture, improve and optimize their internal security systems, and raise their overall level of security.
The joint release by cybersecurity agencies from multiple countries reflects international cooperation and consensus in the field of cybersecurity. It promotes international cooperation and information sharing, helps to jointly address global cybersecurity challenges, advances the development and application of network security technology, and provides strong support for building a more secure and trustworthy network environment.
Copyright: Qingqiao International Security Group. ICP filing number: 鄂ICP备2021010908号