These guidelines are intended for security-relevant event logs. They are not intended for non-security-relevant event logs, such as operating system and application performance-related event logs.
Further information on logging intrusion activity can be found in the ‘Managing cyber security incidents’ section of the Guidelines for cyber security incidents.
Further information on event logging for application-based security products can be found in the ‘Operating system hardening’ section of the Guidelines for system hardening.
Further information on event logging for artificial intelligence applications can be found in the ‘Software development fundamentals’ section of the Guidelines for software development.
Further information on event logging for Cross Domain Solutions can be found in the ‘Cross Domain Solutions’ section of the Guidelines for gateways.
Further information on event logging for databases can be found in the ‘Databases’ section of the Guidelines for database systems.
Further information on event logging for gateways can be found in the ‘Gateways’ section of the Guidelines for gateways.
Further information on event logging for mobile applications can be found in the ‘Software development fundamentals’ section of the Guidelines for software development.
Further information on event logging for multifunction devices can be found in the ‘Multifunction devices’ section of the Guidelines for communications systems.
Further information on event logging for network-based security products can be found in the ‘Network design and configuration’ section of the Guidelines for networking.
Further information on event logging for operating systems can be found in the ‘Operating system hardening’ and ‘Authentication hardening’ sections of the Guidelines for system hardening.
Further information on event logging for server applications can be found in the ‘Server application hardening’ section of the Guidelines for system hardening.
Further information on event logging for system access can be found in the ‘Access to systems and their resources’ section of the Guidelines for personnel security.
Further information on event logging for user applications can be found in the ‘User application hardening’ section of the Guidelines for system hardening.
Further information on event logging for web applications can be found in the ‘Software development’ section of the Guidelines for software development.
Further information on event logging for web proxies can be found in the ‘Web proxies’ section of the Guidelines for gateways.
Further information on event logging can be found in the following Australian Signals Directorate publications:
Further information on SIEM and SOAR platforms can be found in the Australian Signals Directorate’s Implementing SIEM and SOAR platforms: Executive guidance and Implementing SIEM and SOAR platforms: Practitioner guidance publications.
Further information on prioritising the collection and storage of event logs can be found in the United States’ Cybersecurity & Infrastructure Security Agency’s Guidance for Implementing M-21-31: Improving the Federal Government's Investigative and Remediation Capabilities publication.
Further information on the National Archives of Australia’s requirements for event log retention can be found in their AFDA Express Version 2 – Technology & Information Management publication.