The Canadian Centre for Cyber Security (Cyber Centre) has joined the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) and the following international partners in releasing updated cyber security guidance on security information and event management (SIEM) and security orchestration, automation and response (SOAR):
- Czech Republic’s National Cyber and Information Security Agency (NÚKIB)
- Japan’s National Center of Incident Readiness and Strategy for Cyber Security (NISC) and Computer Emergency Response Team Coordination Center (JPCERT/CC)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- Republic of Korea’s National Intelligence Service (NIS)
- Singapore’s Cyber Security Agency (CSA)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
- United States’ Federal Bureau of Investigation (FBI)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- United States’ National Security Agency (NSA)
SIEM and SOAR platforms offer many benefits to organizations. Both can enhance an organization’s ability to detect and respond to cyber security risks by collating and analyzing security data and by automating some aspects of an organization’s security work. To function effectively, SIEM and SOAR platforms rely on proper deployment and on maintenance over time.
This guidance series includes three publications.
Executive guidance: Implementing security information and event management and security orchestration, automation and response platforms
This executive summary provides considerations for organizations that are looking to procure SIEM and SOAR platforms. The executive summary:
- defines SIEM and SOAR platforms
- outlines the benefits and challenges associated with using SIEM and SOAR platforms
- identifies best practices for implementing and maintaining SIEM and SOAR platforms
Guidance for practitioners: Implementing security information and event management and security orchestration, automation and response platforms and their implementation
This joint guidance provides high-level direction on SIEM and SOAR platforms for cyber security practitioners. Practitioners in government and other organizations can use it to guide their implementation of SIEM and SOAR platforms.
Guidance for practitioners: Priority logs for security information and event management ingestion
This joint guidance is intended for cyber security practitioners. It provides recommendations for logs that should be prioritized for ingestion by a SIEM platform, as well as tips on querying the platform.