How I Built a Log Validation SOP for SIEM Using ACSC Standards (With a Reusable Template)

Analysts monitor global data on multiple screens in a high-tech cybersecurity operations center.

In a SOC, onboarding new log sources often leads to detection gaps due to incomplete or incorrect data, highlighting a process issue rather than a tooling one. The author developed a Log Validation Runbook aligned with ACSC standards to systematically assess log sources, ensuring compliance before production readiness. It includes a structured checklist addressing key areas like log format, required fields, and timestamp handling, ultimately aiding in consistent and effective log validation.

March 25, 2026 0

How to monitor and detect malicious PowerShell scripts?

In today's threat landscape more and more threats like fileless malware and ransomware leverage PowerShell during the exploitation stage. In this post I have written some of the best ways to monitor and detect malicious PowerShell scripts. Let's begin with some of the best practices for using PowerShell in your environment Limit PowerShell to only... Continue Reading →

August 9, 2021 2

How to reduce noise in your SIEM?

Your SIEM (Security Information and Event Management)'s ROI depends on how effectively you tune it. Data sources like Firewall, AD server, File server, generates millions of logs every day. Without proper audit policy and SIEM filters, 80% of logs are noise. If you do not tune it, you will not get real value from your... Continue Reading →

June 26, 2020 0

Events of Interest to monitor in Cisco ASA Firewall/IPS

When I receive a request to monitor critical events from a vendor, it becomes a cumbersome task to gather information about the vendor, log schema, and event types. This information is not readily available through a simple online search. To simplify the process, I am providing a consolidated list of Cisco ASA events that are... Continue Reading →

May 29, 2020 1