CISA Resources

This page provides LME users with direct access to official CISA sites, publications, and companion tools that support log management, security operations, and incident response workflows. Whether you are setting up LME for the first time or looking to optimize how LME integrates into your log management and security operations processes and stack, the resources below connect you with authoritative and practical materials from CISA.

CISA GitHub & YouTube Channel

CISA GitHub | CISA’s official GitHub site.

CISA YouTube | CISA’s official YouTube channel.

General CISA Resources

Free Cybersecurity Services & Tools | CISA offers an extensive selection of no-cost resources from both CISA and its public- and private-sector partners to help individuals and organizations improve their security. Visitors can start with CISA’s top three services–connecting with a Regional Cybersecurity Advisor (CSA), signing up for Cyber Hygiene Services, and taking the Cybersecurity Performance Goal (CPG) assessment–or browse a wide range of additional services and tools.

Internet Exposure Reduction Guidance | This resource provides guidance on reducing internet exposure by identifying and mitigating vulnerabilities in internet-accessible assets and offers actionable steps, tools, and resources from CISA to help organizations improve their attack surface management.

Resources & Tools | CISA offers a wide array of free resources and tools, including technical assistance, cybersecurity assessments, exercises, and training to help organizations strengthen their security and resilience. This site highlights the agency’s services, publications, trainings, and tools that practitioners can readily use to improve their own operations.

Secure Our World | This resource explains practical, easy-to-follow steps for staying safe online, making it simpler for individuals and organizations to protect their personal information, devices, and accounts from cyber threats. It offers straightforward tips, best practices, and links to trusted tools to help you build safer digital habits.

Shields Up | Shields Up is CISA’s free national cyber defense resource, offering timely guidance and quick tips to help organizations prepare for, respond to, and reduce the impact of cyberattacks–including ransomware. It highlights CISA’s role in supporting U.S. critical infrastructure with actionable advice and tools for stronger cyber resilience.

Grants and Funding Programs

State and Local Cybersecurity Grant Program | The first nationwide cybersecurity grant initiative specifically for state, local, tribal, and territorial governments, providing funding and support to help them strengthen their cyber defenses. This resource outlines program details, eligibility, and how governments can apply to build more secure and resilient digital infrastructure.

Tribal Cybersecurity Grant Program | DHS announced the Tribal Cybersecurity Grant Program (TCGP) in September 2023 to assist Tribal governments with addressing cybersecurity risks and threats to information systems owned or operated by, or on behalf of, those Tribal governments. On August 1, 2025, DHS announced awards of an additional $12.1 million in grants to Tribal governments.

Logging Guidance

Best Practices for Event Logging and Threat Detection | This resource highlights best practices for event logging and threat detection jointly released by the Australian Signals Directorate-Australian Cyber Security Centre (ASD-ACSC), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), offering organizations practical steps to strengthen security monitoring and improve incident response.

Guidance for SIEM and SOAR Implementation | These resources offer practitioner and executive guidance on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms, including best practices for log ingestion and integration, so organizations can strengthen their cybersecurity framework and quickly detect and respond to threats.

Microsoft Expanded Cloud Logs Implementation Playbook | This playbook provides a detailed overview of newly introduced logging capabilities in Microsoft Purview Audit (as of January 2025) and is written for use by technical personnel responsible for log collection, aggregation, correlation, and incident-response orchestration at government agencies and enterprises with Microsoft E3/G3-and-above licensing.

Log Analysis & Visualization

LME Analysis Demo Video | A Logging Made Easy (LME) analysis video that highlights the platform’s key takeaways–how to strengthen security, streamline log management, and gain clearer threat insights through customizable dashboards.

Incident Response Tools

Eviction Strategies Tool | A no-cost resource that provides cyber defenders with guidance and support for the containment and eviction phases of incident response.

Malware Next-Generation Analysis | CISA’s Malware Next-Generation analysis platform provides automated malware analysis support for all U.S. federal and SLTT government agencies. Analysis is performed by a combination of static and dynamic analysis tools in a secure environment and results are available in PDF and STIX 2.1 data formats.

Thorium | Thorium is a highly scalable, distributed malware analysis and data generation framework. Thorium is designed to make cyber incident response, triage, and file analysis easier through the safe ingestion and storage of data, automation of analyses and easy access to stored analyses and metadata.

Incident Reporting & Support

CISA Incident Reporting System | The CISA Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to CISA. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis.

Contact Us | This resource provides a one-stop way to reach the agency–from reporting cyber incidents or suspicious activity to finding your Regional CISA contact, directing media inquiries, subscribing for updates, requesting a CISA speaker, or exploring business opportunities with the agency. It makes it easy for individuals, organizations, and partners to connect with CISA and stay informed.

Last modified September 21, 2025: Update elastalert.md (7eda512)