- Posted May 28, 2025
- Technical Advisories
New Zealand’s National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and other international partners to release three publications on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
The series consists of the following guidance:
- Implementing SIEM and SOAR platforms. This executive guidance defines SIEM and SOAR platforms, explains their value and their challenges, and provides high-level recommendations for implementing them. It is targeted at executives but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.
- Implementing SIEM and SOAR platforms. This publication provides high-level guidance for cyber security practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response, as well as principles for procurement, establishment and maintenance of those platforms.
- Priority logs for SIEM ingestion. This publication provides practitioners with detailed logging guidance for specific categories of log sources, such as endpoint detection and response tools, Windows/Linux operating systems, network devices, and cloud deployments.
Read the publication series.