FORT MEADE, Md. - The National Security Agency (NSA) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other agencies to release three publications providing guidance for cybersecurity executives and network defenders to consider when implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
SIEM solutions collect, aggregate, and correlate log data, empowering network defenders to monitor activity and uncover advanced cyber threats. SOAR platforms work hand-in-hand with SIEM tools, utilizing their data collection and analysis to deliver timely responses to detected malicious activity, especially in Zero Trust architectures.
Collectively, the publications define SIEM and SOAR platforms, outline potential challenges, provide recommendations for implementation, and highlight relevant benefits for executives and practitioners.
The first guidance, “Implementing SIEM and SOAR Platforms: Executive Guidance,” outlines the role, benefits, challenges, and best practices of SIEM/SOAR implementation. The companion guide, “Implementing SIEM and SOAR Platforms: Practitioners Guidance,” details how SIEM/SOAR can enhance an organization’s visibility, detection, and response, and outlines principles for procurement, establishment, and maintenance of the platforms.
The third guidance, “Priority Logs for SIEM Ingestion: Practitioner Guidance,” provides practitioners with detailed technical guidance for specific categories of log sources, such as Endpoint Detection and Response tools, Windows/Linux operating systems, network devices, and Cloud deployments.
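To make the SIEM/SOAR division of labour concrete, here is an added, self-contained Python illustration (not code from the guides or from any of the authoring agencies): it ingests two of the priority log categories named above, a Linux SSH auth log and Windows Security logon events, normalizes both into one schema, runs a single correlation rule over them, and hands each resulting alert to a SOAR-style playbook step. The log lines and event records are constructed sample data, and the rule threshold, field names and playbook action are assumptions chosen for the example.

```python
"""Toy SIEM correlation plus SOAR-style response over two priority log sources.
Added illustration; not from the ASD/NSA guidance. All log data is constructed."""
from __future__ import annotations
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input (RFC 5737 documentation addresses, fictitious hosts/users).
LINUX_AUTH_LOG = [
    "2025-01-10T09:00:01 host1 sshd[101]: Failed password for root from 203.0.113.7 port 5000 ssh2",
    "2025-01-10T09:00:04 host1 sshd[102]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "2025-01-10T09:00:09 host1 sshd[103]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2025-01-10T09:00:15 host1 sshd[104]: Accepted password for root from 203.0.113.7 port 5003 ssh2",
    "2025-01-10T09:10:00 host1 sshd[105]: Failed password for alice from 198.51.100.9 port 6000 ssh2",
]
WINDOWS_SECURITY_EVENTS = [  # 4625 = failed logon, 4624 = successful logon
    {"TimeCreated": "2025-01-10T09:05:00", "EventID": 4625, "TargetUserName": "bob", "IpAddress": "192.0.2.5", "Computer": "ws2"},
    {"TimeCreated": "2025-01-10T09:05:02", "EventID": 4625, "TargetUserName": "bob", "IpAddress": "192.0.2.5", "Computer": "ws2"},
    {"TimeCreated": "2025-01-10T09:05:05", "EventID": 4624, "TargetUserName": "bob", "IpAddress": "192.0.2.5", "Computer": "ws2"},
    {"TimeCreated": "2025-01-10T09:05:06", "EventID": 4688, "TargetUserName": "bob", "IpAddress": "-", "Computer": "ws2"},
]

LINUX_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    """Common schema both sources are normalized into (the SIEM 'aggregate' step)."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    success: bool


def parse_linux_auth(line: str) -> AuthEvent | None:
    m = LINUX_RE.match(line)
    if not m:
        return None
    return AuthEvent(datetime.fromisoformat(m["ts"]), m["host"], m["user"],
                     m["ip"], m["outcome"] == "Accepted")


def parse_windows_event(ev: dict) -> AuthEvent | None:
    if ev.get("EventID") not in (4624, 4625):  # ignore non-logon events (e.g. 4688)
        return None
    return AuthEvent(datetime.fromisoformat(ev["TimeCreated"]), ev["Computer"],
                     ev["TargetUserName"], ev["IpAddress"], ev["EventID"] == 4624)


def correlate(events, threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Rule (assumed for the example): a successful logon from a source IP that was
    preceded by >= threshold failures from the same IP inside the window."""
    recent_failures: dict[str, deque] = defaultdict(deque)  # src_ip -> failure timestamps
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):  # correlation needs a single time order
        q = recent_failures[e.src_ip]
        while q and e.ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if e.success:
            if len(q) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "src_ip": e.src_ip,
                               "user": e.user, "host": e.host, "failures": len(q),
                               "at": e.ts.isoformat()})
            q.clear()  # a success ends the failure run either way
        else:
            q.append(e.ts)
    return alerts


def respond(alert: dict) -> dict:
    """SOAR-style playbook step: return the action record an orchestrator would execute
    (action name and severity scheme are assumptions for this illustration)."""
    return {"action": "isolate_host_and_open_ticket", "host": alert["host"],
            "src_ip": alert["src_ip"],
            "severity": "high" if alert["user"] == "root" else "medium"}


def run_pipeline():
    events = [e for e in map(parse_linux_auth, LINUX_AUTH_LOG) if e]
    events += [e for e in map(parse_windows_event, WINDOWS_SECURITY_EVENTS) if e]
    alerts = correlate(events)
    return alerts, [respond(a) for a in alerts]


if __name__ == "__main__":
    for alert, action in zip(*run_pipeline()):
        print(alert, "->", action)
```

With the constructed data, only the root logon on host1 fires: three failures then a success from 203.0.113.7 inside five minutes. The Windows sequence for bob has only two failures before its success, so it stays below the threshold, and the lone failure for alice never completes the pattern. That is the point of correlating across sources in one schema: each individual log line is unremarkable, and the signal only exists once the SIEM has aggregated them and applied a rule; the SOAR step then turns the alert into an action record without an analyst typing it out.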
The publications are especially relevant for National Security Systems (NSS), the Department of Defense (DoD), and the Defense Industrial Base (DIB); the authoring agencies urge these cybersecurity executives, network owners, and practitioners to implement SIEM/SOAR platforms using the guidance provided to effectively detect and respond to possible intrusions.
Additional co-sealers for the ASD’s ACSC guides are the Cybersecurity and Infrastructure Security Agency (CISA); the Federal Bureau of Investigation (FBI); the Canadian Centre for Cyber Security (CCCS); the United Kingdom’s National Cyber Security Centre (NCSC-UK); New Zealand’s National Cyber Security Centre (NCSC-NZ); Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Computer Emergency Response Team (JPCERT); the Republic of Korea’s National Intelligence Service (NIS); the Czech Republic’s National Cyber and Information Security Agency (NUKIB); and Singapore’s Cyber Security Agency (CSA).
Read the full reports:
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721