ASD's Blueprint for Secure Cloud

SIEM

This section describes the design decisions associated with Security Information and Event Monitoring for system(s) built using ASD's Blueprint for Secure Cloud.


Security Information and Event Monitoring (SIEM) is a combination of tools and services that provide insights into an information technology environment. The tools and services are classed as either Security Information Management (SIM) or Security Event Management (SEM). SIEM tools gather log files from devices, services, and platforms for analysis and reporting, and through this process security threats and events can be identified. SIEM tools provide real-time analysis of log and event data to alert administrators to potential issues such as security threats. When combined into a SIEM, the organisation is provided with:

  • Real-time visibility for the organisation’s systems.
  • Centralised event log management, meaning data is consolidated from multiple sources across the network.
  • Correlation of events gathered from different logs and security sources.
  • Automated security event notification for administrators.

In a hybrid environment the SIEM can be located either on-premises or in the cloud. In either location, all logs from the environment should be sent to one SIEM. This ensures maximum insight and creates a single pane of glass for security operations teams. To ensure all logs from cloud services can be ingested by the SIEM, compatibility of the SIEM product with Microsoft 365, Microsoft Azure, and Azure Monitor should be investigated.
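The following is an added example, written for this page and not part of the Blueprint or any SIEM product, of the pipeline the two passages above describe: events from an on-premises source and a cloud source are ingested into one place, normalised into a common schema, correlated across sources, and turned into an automated notification. All log lines are constructed for the example; the cloud record mirrors the column names of Microsoft Entra ID sign-in logs as exposed through Azure Monitor, but the values are invented, and the detection threshold and time window are arbitrary choices.

```python
"""Minimal SIEM-style pipeline: ingest, normalise, correlate, notify.

Added example for illustration only. Sample inputs are constructed; the
correlation rule (N failures then a success, same user and IP, any source)
is one simple illustration of cross-source correlation, not a product rule.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: on-premises domain controller logon events forwarded as
# single-line text (4625 = failed logon, 4624 = successful logon).
ONPREM_LINES = [
    "2024-05-01T09:00:05Z dc01 EventID=4625 User=alice SrcIP=203.0.113.7 Status=FAILURE",
    "2024-05-01T09:00:20Z dc01 EventID=4625 User=alice SrcIP=203.0.113.7 Status=FAILURE",
    "2024-05-01T09:00:40Z dc01 EventID=4625 User=alice SrcIP=203.0.113.7 Status=FAILURE",
    "2024-05-01T09:01:10Z dc01 EventID=4624 User=bob SrcIP=192.0.2.10 Status=SUCCESS",
]

# Constructed sample: cloud sign-in records as JSON. Field names follow the
# Entra ID SigninLogs table (ResultType "0" is a successful sign-in); values are invented.
CLOUD_RECORDS = [
    '{"TimeGenerated":"2024-05-01T09:01:30Z","UserPrincipalName":"alice@example.com",'
    '"IPAddress":"203.0.113.7","ResultType":"0"}',
    '{"TimeGenerated":"2024-05-01T09:05:00Z","UserPrincipalName":"bob@example.com",'
    '"IPAddress":"192.0.2.10","ResultType":"0"}',
]

ONPREM_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) "
    r"SrcIP=(?P<ip>\S+) Status=(?P<status>\S+)$"
)


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_onprem(line):
    """Normalise one on-premises line into the common schema; None if it does not match."""
    m = ONPREM_RE.match(line)
    if not m:
        return None
    return {
        "ts": parse_ts(m["ts"]),
        "source": "onprem:" + m["host"],
        "user": m["user"].lower(),
        "src_ip": m["ip"],
        "outcome": "success" if m["status"] == "SUCCESS" else "failure",
    }


def parse_cloud(record):
    """Normalise one cloud sign-in JSON record into the common schema."""
    d = json.loads(record)
    return {
        "ts": parse_ts(d["TimeGenerated"]),
        "source": "azure_signin",
        # Identity is keyed on the local part so on-prem and cloud names line up.
        "user": d["UserPrincipalName"].split("@")[0].lower(),
        "src_ip": d["IPAddress"],
        "outcome": "success" if d["ResultType"] == "0" else "failure",
    }


def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Raise an alert when a success follows >= threshold failures for the same
    user and source IP inside the window, regardless of which source saw them."""
    alerts = []
    failures = defaultdict(list)  # (user, src_ip) -> list of failure events
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "failure":
            failures[key].append(e)
            continue
        recent = [f for f in failures[key] if e["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            alerts.append({
                "ts": e["ts"],
                "user": e["user"],
                "src_ip": e["src_ip"],
                "failure_count": len(recent),
                "failure_sources": sorted({f["source"] for f in recent}),
                "success_source": e["source"],
            })
            failures[key].clear()  # do not re-alert on the same failures
    return alerts


def notify(alert):
    """Format the automated administrator notification for one alert."""
    return (f"[ALERT] {alert['ts'].isoformat()} user={alert['user']} ip={alert['src_ip']}: "
            f"{alert['failure_count']} failures from {','.join(alert['failure_sources'])} "
            f"followed by success via {alert['success_source']}")


def run():
    """Ingest both constructed sources into one event set and return the alerts."""
    events = [ev for ev in map(parse_onprem, ONPREM_LINES) if ev is not None]
    events += [parse_cloud(r) for r in CLOUD_RECORDS]
    return correlate(events)


if __name__ == "__main__":
    for a in run():
        print(notify(a))
```

The point the example makes is in `correlate`: the three failures are visible only to the on-premises source and the subsequent success only to the cloud source, so neither source alone would fire the rule. That is the practical reason the Blueprint asks for all logs to land in one SIEM.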

Security & Governance

  • None identified

Design

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au


Authorised by the Australian Government, Canberra