Logging Made Easy Workshop

Presented at 44CON 2019, Sept. 12, 2019, 10:30 a.m. (119 minutes)

Logging Made Easy (LME) is a tried and tested self-install tutorial for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks. LME is designed to be a quick to deploy logging solution giving you access to useful logs when you need them. Lead by NCSC, Developed in collaboration with NCC Group and with funding from the Cabinet Office, LME provides an organisation with a simple to deploy, simple to maintain and simple to use logging solution. LME allows for users with both limited knowledge and the with advanced knowledge to perform performance, Incident response and threat hunting activity. LME gathers logs to provide this capability both from the built in windows event logging and that provided by Microsoft Sysmon. This log data can be leveraged to search for to name but a few, Files hashes, File Names, nefarious launches such as Microsoft win word launching Microsoft Powershell which then launches IE to download and execute VBS. On the other end of the attack spectrum LME allows you to see what applications are crashing on your estate and other performance related logs, Allowing you to be one step ahead of some potential problems. We will run through this tutorial and then provide you with an environment to give it a go yourself (with a bit of magic for the Windows slow bits) A hands on look into the logging made easy solution from set-up, roll-out, testing and example uses. This workshop will aim to show attendees how to deploy and use LME over a provided test network. Featuring hands on practicals and scenarios to test out functionality in LME and get a grasp on how this data can be leveraged to achieve greater visibility into actions occurring on your hosts across your estate.

Presenters:

  • Duncan Atkin - NCC Group
    Duncan is a fully certified lumberjack, capable of processing massive volumes of logs. When not processing logs, he enjoys growing trees and making cider with the fruits of his labour. (Duncan did not submit a bio)
  • NCSC Representatives
    NCSC Representatives are not permitted to submit bios, and while funny to make one up, it would be cruel for us to do so, so we’re leaving this blank.

Links:

Similar Presentations: