CISA Releases New ‘Logging Made Easy’ Tool to Detect Security Threats


Key Takeaways:

  • CISA has released a new Logging Made Easy (LME) tool to cater to organizations without access to a security operations center or a comprehensive SIEM solution.
  • LME equips security teams with event-driven logs and elastic security detection rules, empowering them to detect and counter advanced threats.
  • The release of Logging Made Easy (LME) currently supports Windows-based devices in on-premises environments.

The Cybersecurity and Infrastructure Security Agency (CISA) has recently released a new Logging Made Easy (LME) solution. The free tool is strategically tailored to address the unique needs of small businesses that may not have access to a dedicated security operations center or a comprehensive security information and event management (SIEM) solution.

The LME tool provides Event-driven logs that should make it easier for organizations to detect and mitigate security threats. It provides built-in elastic security detection rules that can support analysts in safeguarding their corporate assets.

“Logging is critical for proactive monitoring of threats and retroactive investigation and remediation in the event of an incident. Logging Made Easy is a tested and reliable solution that can help organizations with limited resources needing a centralized logging capability,” said Chad Poland, PM for Cyber Shared Services. “CISA is excited to offer this shared service capability to U.S. and international organizations that can help them mitigate risk and identify vulnerabilities.”

According to CISA, LME uses free software such as Docker, Ubuntu, and Elastic. The cybersecurity agency will keep a close eye on updates made by software providers to ensure uninterrupted service performance. The LME architecture is comprised of 3 groups of computers, as shown in the screenshot below:

CISA Releases New 'Logging Made Easy' Tool to Detect Security Threats

CISA has acknowledged a couple of limitations with the LME tool. As of today, the tool only works with Windows-based devices in on-premises environments. CISA plans to add support for cloud-based services (such as Windows running on virtual machines (VMs) in the future.

If you’re interested, you can download the LME tool from the official GitHub repository. However, CISA warned that it’s not a professional tool and should not be used as a SIEM (Security Information and Event Management) solution. The cybersecurity agency has announced its plans to expand the tool’s support to other operating systems in the near future.