SecurityWeek reports that escalating cybersecurity threats have prompted the U.S., Canada, Japan, Korea, Singapore, New Zealand, the UK, and the Netherlands to release joint event logging and threat detection guidance for medium and large organizations, which emphasized the importance of organizations' and service providers' shared responsibilities, as well as log monitoring and log details in crafting logging policies.
While the guidance recommended the use of structured log formats across systems, organizations have been urged to prioritize the type of events logged and ensure the presence of accurate timestamps, device identifiers, executed commands, autonomous system numbers, and unique event identifiers to better aid in incident response efforts. "Useful event logs enrich a network defender's ability to assess security events to identify whether they are false positives or true positives. Implementing high-quality logging will aid network defenders in discovering [living-off-the-land] techniques that are designed to appear benign in nature," said the document.
