Service

Logging Made Easy

LME is a no-cost log management solution that empowers small to medium-sized organizations to monitor networks, identify users, and strengthen security, ultimately enhancing their overall cybersecurity posture.
Task type
Shared Service

Description

CISA's Logging Made Easy (LME) is a no-cost log management solution for small to medium-sized organizations with limited resources that would otherwise have little to no functionality to detect attacks. LME offers centralized logging, proactive threat detection and enhanced security by allowing organizations to monitor their network, identify users, and actively analyze Sysmon data to quickly identify potential malicious activity. As a locally run application, CISA cannot access LME data, ensuring the privacy and security of organizations' information.

LME combines three essential components: Windows clients with Sysmon software, an event collector with Winlogbeat, and the Elasticsearch, Logstash, Kibana (ELK) server for data analysis. This setup provides comprehensive and customizable logging through filters using open-source software, which blends cost-efficiency with robust functionality. The straightforward installation process and adaptable dashboards enhance user-friendliness, while frequent updates maintain its effectiveness and security.

LME is dedicated to evolving with the cybersecurity needs of its community. Available to the public, LME serves organizations across private, public and non-profit sectors, especially those operating Windows-based, on-premises networks. 

To get started with LME, download it directly from CISA’s GitHub page. For any questions, please contact CyberSharedServices@cisa.dhs.gov.

Additional Resource:

Best Practices for Event Logging and Threat Detection is a joint guide to help organizations define a baseline for logging best practices to mitigate malicious cyber threats. It provides recommendations that improve an organization’s resilience in the current cyber threat environment, with regard for resourcing constraints. The guidance is of moderate technical complexity and assumes a basic understanding of event logging. 

Current Status

LME released version 2.0 on CISA’s LME GitHub page on November 8, 2024. Both new and existing users will need to install LME 2.0. 

Download LME 2.0 on GitHub

Upgrade Instructions for Existing Users

LME Fact Sheet and FAQ

To learn more about LME, explore the downloadable resources below. 

Logging Made Easy Fact Sheet 

Logging Made Easy Frequently Asked Questions

Spanish Translations:

Logging Made Easy Fact Sheet, Spanish Translation

Logging Made Easy FAQ, Spanish Translation