28 May 2025
New Zealand’s National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and other international partners to release three publications on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
The series includes the following guidance:
- Implementing SIEM and SOAR platforms – Executive guidance. This publication defines SIEM and SOAR platforms, explains their value and challenges, and provides high-level recommendations for implementing them. It is targeted at executives but is also useful for any organisation considering whether and how to implement a SIEM and/or SOAR.
- Implementing SIEM and SOAR platforms – Practitioner guidance. This guidance is aimed at cyber security practitioners. It outlines how SIEM and SOAR can enhance visibility, detection, and response, and provides principles for the procurement, setup, and maintenance of these platforms.
- Priority logs for SIEM ingestion. This publication gives practitioners detailed logging guidance for key log source categories, including endpoint detection and response tools, Windows/Linux operating systems, network devices, and cloud environments.