Service

Logging Made Easy

LME is a no-cost log management and threat detection solution that empowers organizations to monitor networks and enhance their overall cybersecurity posture. LME supports many systems including Windows, Linux, and macOS.
Task type
Shared Service

Description

CISA's Logging Made Easy (LME) is a no-cost log management and threat detection solution for small to medium-sized organizations with limited resources that would otherwise have little to no functionality to detect attacks. LME offers centralized logging, proactive threat detection, and enhanced security by allowing organizations to monitor their network, identify users, and actively analyze Sysmon data to quickly identify potential malicious activity. Because LME is a locally run application, CISA cannot access LME data, which protects the privacy and security of organizations' information.

Leveraging Elastic and Wazuh, LME offers centralized log collection, proactive threat detection, and real-time alerting, enabling organizations to monitor their network and user activity and analyze alerts to detect potential malicious activity. This setup provides comprehensive and customizable logging through filters using open source software, which blends cost-efficiency with robust functionality. The straightforward installation process and adaptable dashboards enhance user-friendliness, while frequent updates maintain its effectiveness and security.

LME is dedicated to evolving with the cybersecurity needs of its community. To get started with LME, download it directly from CISA’s GitHub page. For any questions, please contact CyberSharedServices@cisa.dhs.gov.

Additional Resources:

Best Practices for Event Logging and Threat Detection is a joint guide to help organizations define a baseline for logging best practices to mitigate malicious cyber threats. It provides recommendations that improve an organization’s resilience in the current cyber threat environment, with regard for resourcing constraints. The guidance is of moderate technical complexity and assumes a basic understanding of event logging.

Choosing Secure and Verifiable Technologies is updated joint guidance released by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in partnership with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), New Zealand’s National Cyber Security Centre (NCSC-NZ), and the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC). The guidance is intended to aid procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design.  

Current Status

LME released version 2.0 on CISA’s LME GitHub page on November 12, 2024. Both new and existing users will need to install LME 2.0. 

Download LME 2.0 on GitHub

Upgrade Instructions for Existing Users

LME Fact Sheet and FAQ

To learn more about LME, explore the downloadable resources below. 

Logging Made Easy Fact Sheet 

Spanish Translations:

Logging Made Easy Fact Sheet, Spanish Translation