How I Built a Log Validation SOP for SIEM Using ACSC Standards (With a Reusable Template)

Analysts monitor global data on multiple screens in a high-tech cybersecurity operations center.

In a SOC, onboarding new log sources often leads to detection gaps due to incomplete or incorrect data, highlighting a process issue rather than a tooling one. The author developed a Log Validation Runbook aligned with ACSC standards to systematically assess log sources, ensuring compliance before production readiness. It includes a structured checklist addressing key areas like log format, required fields, and timestamp handling, ultimately aiding in consistent and effective log validation.

March 25, 2026 0

Cyber Security Career Options and Getting Started – Part 1

The field of cybersecurity has garnered significant attention, prompting many professionals from various industries and graduates to inquire about how they can enter this domain and explore the different career options it offers. To address these questions comprehensively, this blog series will be divided into two parts. In Part 1, we will delve into the... Continue Reading →

May 23, 2023 0

How to monitor and detect malicious PowerShell scripts?

In today's threat landscape more and more threats like fileless malware and ransomware leverage PowerShell during the exploitation stage. In this post I have written some of the best ways to monitor and detect malicious PowerShell scripts. Let's begin with some of the best practices for using PowerShell in your environment Limit PowerShell to only... Continue Reading →

August 9, 2021 2

How to protect your organization using Essential Eight mitigation strategy?

Australia Signal Directorate (ASD) and Australia Cyber Security Centre (ACSC) has defined a strategy called Essential Eight to help organizations mitigate threats and adversaries. These eight strategies are baselines and can be used as a starting point for organizations and then strengthen up the defense. In this post, I have explained the eight strategies and... Continue Reading →

August 27, 2020 0

How to reduce noise in your SIEM?

Your SIEM (Security Information and Event Management)'s ROI depends on how effectively you tune it. Data sources like Firewall, AD server, File server, generates millions of logs every day. Without proper audit policy and SIEM filters, 80% of logs are noise. If you do not tune it, you will not get real value from your... Continue Reading →

June 26, 2020 0

Active Directory Password Audit – Using Pwned Passwords

Active directory in Windows have some built in features to set restriction for passwords created in your environment. How cool would it be if we can compare the passwords used in your AD environment with the passwords disclosed in breach database? By doing this you can ensure that none of your users are using weak... Continue Reading →

August 19, 2019 0

Password hygiene. How to create strong passwords and manage them?

Every time when you sign up to a new service online, you would have to create a password. As a security measure, every site will ask you to create a strong password which is hard to guess, mix of alphanumeric, special characters, at least one uppercase letter and with least character limitation. On top of... Continue Reading →

July 24, 2019 0

Installing unknown software? Read this before you proceed.

When you download software from trusted sources like Microsoft or Google you don't have to worry much about trustworthiness. But when you download software or any files from random sites or programs sent by friends, how do you verify them? When we download file or software from unknown sites, we can scan it with our... Continue Reading →

July 14, 2019 0

How to secure your pc from Ransomware?

Ransomware attacks is on all-time high. Every week or month there is a new variant coming out. Cisco says that Ransomware attacks are growing more than 350 percent annually. If you are curious how ransomware spreads, I have answered for 'How does ransomware get on people's computers?' and how to avoid them in information security... Continue Reading →

July 6, 2019 0

Up ↑