Best practices for event logging and threat detection

The Canadian Centre for Cyber Security (Cyber Centre) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and the following international partners in releasing cyber security guidance on best practices for event logging and threat detection:

  • United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA)
  • New Zealand National Cyber Security Centre (NCSC-NZ) and CERT NZ
  • Japan National Center for Incident Readiness and Strategy for Cybersecurity (NISC) and JPCERT/CC
  • Republic of Korea National Intelligence Services (NIS) and NIS’s National Cyber Security Center (NCSC-Korea)
  • Singapore Cyber Security Agency (CSA)
  • The Netherlands General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD)

This joint guidance details best practices for event logging and threat detection for cloud services, enterprise networks, enterprise mobility, and operational technology (OT) networks. The guidance is of moderate technical complexity and assumes a basic understanding of event logging.

Event logging enables network visibility, supports the continued delivery of critical systems, and improves the security and resilience of systems. Four key factors to consider when pursuing logging best practices are reviewed in this guidance and include the following:

  • Enterprise approved logging policies
  • Centralized log collection and correlation
  • Secure storage and log integrity
  • Detection strategies for relevant threats

This guidance is intended for senior information technology (IT) decision makers, OT operators, network administrators, network operators, and critical infrastructure providers within medium to large organizations.

Read the joint guidance advisory: Best practices for Event Logging and Threat Detection
