Logging Made Easy
Description
CISA's Logging Made Easy (LME) is a no-cost, government-approved log management solution for small to medium-sized organizations with limited resources that would otherwise have little to no functionality to detect attacks. LME offers centralized logging, proactive threat detection and enhanced security by allowing organizations to monitor their network, identify users, and actively analyze Sysmon data to quickly identify potential malicious activity. Because LME runs locally, CISA cannot access LME data, ensuring the privacy and security of organizations' information.
LME combines three essential components: Windows clients with Sysmon software, an event collector with Winlogbeat, and the Elasticsearch, Logstash, Kibana (ELK) server for data analysis. This setup provides comprehensive and customizable logging through filters using open-source software, which blends cost-efficiency with robust functionality. The straightforward installation process and adaptable dashboards enhance user-friendliness, while frequent updates maintain its effectiveness and security.
LME is dedicated to evolving with the cybersecurity needs of its community. Available to the public, LME serves organizations across private, public and non-profit sectors, especially those operating Windows-based, on-premises networks.
To get started with LME, download it directly from CISA’s GitHub page. For any questions or to schedule a demo, please contact CyberSharedServices@cisa.dhs.gov.
LME Fact Sheet and FAQ
To learn more about LME, explore the downloadable resources below.