Services Australia
Implementing SIEM and SOAR Platforms Practitioner Guidance
Pages
28
Time to read
42 mins
Publication
Language
English
This guide provides practitioner guidance on the implementation of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. It is primarily aimed at cyber security practitioners in government and critical infrastructure organizations, but it is also applicable to practitioners in various sectors interested in these technologies. The document is structured into four main sections: defining SIEM and SOAR platforms, outlining their potential benefits, discussing the challenges of implementation, and presenting best practice principles for procurement, establishment, and maintenance. The guide emphasizes the importance of tailoring the implementation to the specific environment and risk profile of each organization. It also notes that effective implementation can enhance network visibility, improve detection and response to cyber security events, and ultimately protect sensitive data and critical networks. Furthermore, the guide mentions compliance considerations and provides context for the use of SIEM and SOAR platforms in relation to existing frameworks and models.