Mahesh Shivhare

Cybersecurity and Infrastructure Security Agency,  in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.  https://lnkd.in/ecMQkW4p

1

New Zealand’s National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s ACSC and international partners to release three practical publications on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. The series includes: ▪️Implementing SIEM and SOAR (Executive Guidance) - defines platform value and challenges, tailored for executive decision-makers. ▪️Implementing SIEM and SOAR (Practitioner Guidance) - outlines detection, visibility, and integration principles for cyber teams. ▪️Priority Logs for SIEM Ingestion - provides detailed guidance on what log sources to ingest and why, across endpoint, network, cloud, and OT domains. 🛡️ Key technical takeaways from the Priority Logs guidance: ▪️Prioritised by risk and value: Start with EDR, firewalls, and domain controller logs (e.g. DCSync, GPO changes), then scale based on risk profile, threat surface and deliberately selected use cases. ▪️ Architecture tips: SIEMs are NOT archives - use centralised collection with selective ingestion. Prioritise logs with analytical value and avoid overwhelming your SIEM with noisy sources. ▪️ Mapped log categories: ✔EDR: DLL mismatches, DNS cache entries, BAM activity, PowerShell script blocks ✔Network: Denied connections, config changes, VLAN NetFlow, auth failures ✔AD/Windows: Sysmon Event ID 1, scheduled tasks (4698), AppLocker blocks, audit log clearance ✔OT/ICS: Data diode architecture, passive protocol-aware monitoring, safe enrichment of log telemetry ✔Cloud: AWS (CloudTrail, SecretsManager), Azure (Unified audit, Entra logs), GCP (Access Transparency), Google Workspace (Drive, Gmail, OAuth events) ▪️SIEM/SOAR model compatibility: Applies to standalone or integrated deployments. Emphasis on high-fidelity log sources and detection tuning over ingesting "everything". Full advisory and access to all three documents: 👉 https://lnkd.in/gvqxRZ55 #SIEM #SOAR #CyberSecurity #ThreatDetection #SecurityMonitoring #SOCArchitecture #EDR #CloudSecurity #OTSecurity #LogManagement #NZCyber #NCSC #ACSC #SecurityEngineering #BlueTeam

18

The cheapest time to fix MIP security is before it becomes an audit question. Many teams inherit security settings that were built one request at a time. It works until it does not. Then it turns into access confusion, role creep, and an audit trail that takes too long to explain. MCG Lunch and Learn (60 minutes) Topic: MIP Security Checkup, Users, Groups, Advanced, Audit Trails February 25, 2026, 1:00 PM to 2:00 PM EST $39 per session $299 for 12 sessions with membership, save over 35% For nonprofit and mission-driven organizations using MIP Accounting. Not for teams that are not on MIP. Register: https://lnkd.in/enCdZUhz #mipaccounting #nonprofitfinance #internalcontrols #auditreadiness

1

New Zealand’s National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate and other international partners to release three publications on implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. The series consists of the following guidance: 👉 Implementing SIEM and SOAR platforms. This executive guidance defines SIEM and SOAR platforms, explains their value and their challenges, and provides high-level recommendations for implementing them. It is targeted at executives but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR. 👉 Implementing SIEM and SOAR platforms. This publication provides high-level guidance for cyber security practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response, as well principles for procurement, establishment and maintenance of those platforms. 👉 Priority logs for SIEM ingestion. This publication provides practitioners with detailed logging guidance for specific categories of log sources, such as from endpoint detection and response tools, Windows/Linux operating systems, network devices, and cloud deployments. Read the publication series ➡️ https://lnkd.in/gn8-FGJh #cybersecurity #infosec

68

Is your security posture built on a generic checklist or real-world experience? A standard security checklist isn't enough.  Our Secure Config Reviews are based on industry-recognized guides from sources like Microsoft, the Center for Internet Security (CIS), the Australian Cyber Security Center (ACSC), plus our own checks built from years of penetration testing experience. Stop making it easy for attackers. Learn more: https://lnkd.in/gT9Tszuf

3

🚨 Cybersecurity & IAM Talent Shortage Alert Organizations across the U.S. are struggling to find: • CyberArk Engineers • IAM Architects • SOC Analysts • DLP Specialists • GenAI • Cloud Security Experts This shortage is driving up project risk and slowing compliance initiatives. PTY TECH has built a network of vetted cybersecurity experts ready to deploy quickly. If you’re planning major security initiatives this year, we can support your team. #CyberSecurity #IAM #RiskManagement #ITStaffing #SecurityEngineering

4

🚨 CISO Alert: Microsoft WSUS Vulnerability Highlights Supply Chain Risk The Australian Signals Directorate (ASD) has issued an advisory warning about a critical vulnerability in Microsoft Windows Server Update Services (WSUS) — a reminder that even trusted infrastructure can become an attack vector. 🧭 Strategic Implication: If WSUS is compromised, attackers can tamper with software updates, enabling lateral movement and large-scale compromise across enterprise environments. This is a supply chain threat within your own perimeter. 🛡 CISO Priorities: 1. Validate patch integrity — ensure all updates come from trusted, authenticated sources. 2. Apply Microsoft’s latest security update and review WSUS configurations (especially TLS and authentication). 3. Limit network exposure of WSUS servers to trusted systems only. 4. Enhance detection for suspicious update activities and anomalous admin behavior. 5. Revisit your patch management strategy — speed must be balanced with assurance. 🔍 This incident reinforces a hard truth: the security of your update infrastructure is as critical as the updates themselves. #CyberSecurity #CISO #ThreatIntel #Microsoft #WSUS #PatchManagement #SupplyChainSecurity #ASD

1

New Guidance on Implementing SIEM & SOAR Platforms – Helping Organisations Strengthen Cyber Resilience 📅 Date: 27 May 2025 📍 Source: Australian Cyber Security Centre 🛡 Subject: Cybersecurity Summary: 📣 A series of publications has been released to support executives and practitioners in the procurement, implementation, and optimisation of Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. ✅ SIEM/SOAR solutions centralise data, enhance incident detection, enable timely response, and improve situational awareness across IT environments. Key Resources: 1️⃣ Executive Guidance – Explains the value, challenges, and strategic considerations of SIEM/SOAR for decision-makers. 2️⃣ Practitioner Guidance – Covers platform setup, maintenance, and security benefits for technical teams. 3️⃣ Priority Logs for SIEM Ingestion – Offers detailed logging best practices across key data sources: EDR, OS logs (Windows/Linux), network devices, and cloud. Impact: 🏢 Relevant for large organisations, critical infrastructure providers, and government agencies seeking to improve cyber incident response capabilities. 📈 Provides a framework to streamline security operations and align tooling with real-world threats. Link: https://lnkd.in/gctDYEJF 🔔 Follow RegLex for updates on cybersecurity frameworks, threat detection solutions, and compliance tools. #CyberSecurity #SIEM #SOAR #ThreatDetection #IncidentResponse #ExecutiveGuidance #PractitionerGuidance #SecurityOperations #SOC #GovCyber #CriticalInfrastructure #LogManagement #RegLexUpdates

2

Government employees created this standard for use by government agencies. Due to this fact, government employees often lack commercial enterprise experience, so they may make recommendations for controls that might not be sustainable in commercial enterprises.

20

1 Comment

Guidance for SIEM and SOAR Implementation "The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) released new guidance this week on procuring, implementing, and maintaining security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms." https://lnkd.in/d_C-Htbk #cisa #cyberthreatintelligence #cybersecurity

8

A step-by-step playbook to implement ASD cloud guidance, align to ISM controls, and prepare for IRAP-style assessments, with checklists and templates.

3

ACSC: Priority Logs for SIEM Ingestion – Practitioner Guidance The Australian Cyber Security Centre (ACSC) has released updated guidance aimed at large organisations, critical infrastructure operators, and government agencies to help prioritise log sources for SIEM ingestion. ➡️ In complex environments, the volume of logs can overwhelm even well-resourced SOC teams. This guidance helps security practitioners focus on high-value log sources, enabling: More effective threat detection Streamlined investigations Stronger SOAR and SIEM platform outcomes What’s included: Detailed log prioritisation strategies Best practices for log retention and ingestion Integration with wider system hardening and monitoring efforts #CyberSecurity #SIEM #SOAR #ACSC #IncidentResponse #LogManagement #CriticalInfrastructure #GovTech #SecurityOperations #Infosec #ThreatDetection #AustraliaCyberSecurity #SMIITCyberAI #SMIIT

4