What is SIEM?
A Security Information and Event Management (SIEM) platform is a type of software or appliance that collects, centralises, and analyses log data from sources within a network or system. If it is properly implemented, a SIEM platform automates the collection and centralisation of important log data from across a network that would otherwise be scattered, making it easier for a human security team to navigate.
What is SOAR?
A Security Orchestration, Automation, and Response (SOAR) platform detects anomalous activity on a network and automates a response. It applies predefined ‘playbooks’, which combine incident response and business continuity plans to determine the automatic actions to take, and which can also support actions taken by incident response providers.
A SOAR platform is designed to integrate with a SIEM platform and leverage its collection, centralisation, and analysis of log data. Some SOAR platforms have inbuilt SIEMs, while others are built on top of a SIEM as a separate product. A SOAR can also be integrated with other security tools, such as firewalls, endpoint security solutions, and vulnerability scanners.
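As an added illustration, not code from the guidance documents, the following Python sketch shows the SIEM-to-SOAR pipeline described above: it normalises constructed log lines from two different source formats into one common schema, correlates the centralised events into alerts, and maps each alert to a predefined playbook. The log formats, field names, thresholds and action names are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample events (hypothetical formats, not real product output):
# one EDR line and several Linux syslog lines, to show the different layouts
# a SIEM has to normalise before it can correlate anything.
RAW_LOGS = [
    "edr|host-12|malware_detected|user=alice",
    "<14>Jun  1 10:00:02 host-33 sshd[812]: Failed password for root from 203.0.113.9 port 5022",
    "<14>Jun  1 10:00:03 host-33 sshd[812]: Failed password for root from 203.0.113.9 port 5023",
    "<14>Jun  1 10:00:04 host-33 sshd[812]: Failed password for root from 203.0.113.9 port 5024",
    "<14>Jun  1 10:00:05 host-33 sshd[812]: Accepted publickey for bob from 198.51.100.7 port 6000",
]

SYSLOG = re.compile(r"^<\d+>\S+\s+\d+ \S+ (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")

def normalise(line):
    """SIEM step 1: map each source's own layout onto one common schema."""
    if line.startswith("edr|"):
        _, host, event, kv = line.split("|", 3)
        return {"source": "edr", "host": host, "event": event, "user": kv.split("=", 1)[1], "ip": None}
    m = SYSLOG.match(line)
    if not m:
        return None  # unknown format: a real SIEM would count and report these, not silently drop them
    f = FAILED.search(m["msg"])
    if f:
        return {"source": "linux", "host": m["host"], "event": "auth_failure", "user": f["user"], "ip": f["ip"]}
    return {"source": "linux", "host": m["host"], "event": "other", "user": None, "ip": None}

def detect(events, threshold=3):
    """SIEM step 2: correlate centralised events into alerts (assumed rules)."""
    alerts = [{"type": "malware", "host": e["host"], "ip": None}
              for e in events if e["event"] == "malware_detected"]
    fails = Counter((e["host"], e["ip"]) for e in events if e["event"] == "auth_failure")
    for (host, ip), n in fails.items():
        if n >= threshold:  # repeated failures from one address against one host
            alerts.append({"type": "brute_force", "host": host, "ip": ip})
    return alerts

# SOAR playbooks: predefined response actions per alert type (illustrative names).
PLAYBOOKS = {
    "malware": ["isolate_host", "open_ticket"],
    "brute_force": ["block_ip_at_firewall", "open_ticket"],
}

def respond(alerts):
    """SOAR step: turn each alert into the actions its playbook prescribes."""
    return [{"alert": a["type"], "host": a["host"], "ip": a["ip"], "actions": PLAYBOOKS[a["type"]]}
            for a in alerts]
```

Running `respond(detect([e for e in map(normalise, RAW_LOGS) if e]))` yields one malware playbook for host-12 and one brute-force playbook for host-33; the integration points with firewalls and endpoint tools mentioned above are where the listed actions would actually be executed.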
Why implement SIEM and/or SOAR?
SIEM and/or SOAR platforms can be critical to an organisation’s cyber security strategy by enabling visibility over the ICT environment and the detection of malicious activity. Implemented well, these platforms collect, centralise, and analyse important data that would otherwise be extremely complex and scattered. This helps organisations detect cyber security events and incidents, assisting defenders to intervene early and respond to threats.
Implementing SIEM and SOAR platforms: Executive guidance
This document is primarily intended for executives. It defines SIEM/SOAR platforms, outlines their benefits and challenges, and provides broad recommendations for implementation that are relevant to executives.
Implementing SIEM and SOAR platforms: Practitioner guidance
This document is intended for cyber security practitioners. In greater technical detail, it defines SIEM/SOAR platforms, outlines their benefits and challenges, and provides best practice principles for implementation.
Priority logs for SIEM ingestion: Practitioner guidance
This document is also intended for cyber security practitioners and provides detailed, technical guidance on the logs that should be prioritised for SIEM ingestion. It covers log sources including Endpoint Detection and Response tools, Windows and Linux operating systems, cloud services, and network devices.
System monitoring
SIEM and SOAR platforms can greatly benefit your organisation by collecting, centralising, and analysing important data, detecting cyber security events and incidents, and prompting timely intervention.