At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Active remediation
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 1 SOC region
- Surfaces
- Endpoint · Cloud · Network
- IR retainer
- Separate
- Customers (public)
- Macquarie Government says it protects 42% of Commonwealth Government and monitors 42% of Australian government internet traffic.
- SOC analysts
- Macquarie Government publishes over 270 government-cleared staff and NV1-cleared SOC specialists. MDR-specific analyst count is not published.
- Onboarding
- Not published. Macquarie Government describes customized playbooks aligned with agency security processes and integration with existing security systems.
Best for
Ideal for
- Australian Commonwealth and state agencies that require sovereign onshore SOCaaS and MDR
- Government teams that want Splunk-based SIEMaaS, SASE and secure gateway operations from one provider
- Agencies prioritizing NV1-cleared local analysts, Essential 8 alignment and Australian government threat intelligence
Not ideal for
- Private-sector or non-Australian buyers that do not need a government-specific sovereign provider
- Organizations that require public MDR pricing or contractual MTTD/MTTR before engaging sales
- Teams that want a pure endpoint MDR package without SIEM, SASE, gateway or sovereign hosting dependencies
Coverage
Endpoint
Included
Cloud
Included
Identity
Limited
SaaS
Limited
Network
Included
OT / IoT
Not offered
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Macquarie Government publishes local 24x7x365 monitoring by NV1-cleared specialists in Sydney and Canberra. Exact shift model and staffing ratios are not published.
- First response
- Configurable — auto-act per your playbook, or escalate for approval · Custom playbooks supported
- Containment
- Endpoint isolation · Network containment
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Macquarie Government publishes 24x7 SOCaaS, incident management, automated response, guided remediation and threat-blocking language.
- IR included
- No — separate retainer
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- The Cyber Security Services page says the SOC filters false positives to identify real threats, while SIEMaaS pages describe machine-learning anomaly correlations designed to reduce false positives. No false-positive rate is published.
Threat hunting
- Included
- Yes — in base service
- Approach
- Hybrid
- Frequency
- Not published
Pricing
Custom government subscription and procurement model. SOCaaS, SIEMaaS and SASE pricing is not published. Offered as a SOCaaS subscription, a SIEMaaS subscription, SASE for government, or custom government procurement contracts.
- Indicative price
- Not published
What costs extra
- SIEM ingestion and Splunk billing depend on log volume and optimization scope
- SASE, SIGNET, secure web gateway, ZTNA, CASB and Virtual Services Gateway are adjacent services that may be quoted separately
- Cyber Threat Intelligence, premium CTI, dark web monitoring and breached-credential monitoring may be separate scope
- Long-term SIEM retention and data export terms require contract review
- Incident response retainers, hands-on remediation and customer-environment containment authority require confirmation
Cost caveats
- The service is explicitly built for Australian Commonwealth and state government agencies, so private-sector and non-Australian buyers may not be eligible or may not fit the operating model.
- Public pages do not publish prices, minimum terms, MTTD/MTTR, service credits or formal MDR SLAs.
- SOCaaS is closely tied to Macquarie Government SIEMaaS, Splunk, sovereign hosting, SASE and gateway services; plan for migration work if the service is replaced later.
- Buyers should document which automated response actions are allowed by default and which require agency approval.
- Log retention, ingestion, secure cloud, SASE and CTI options can materially change the total contract scope.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · Macquarie Government publishes over 270 government-cleared staff and NV1-cleared SOC specialists. MDR-specific analyst count is not published.
- Certifications
- NV1 clearance · AGSVA-cleared threat analysts · DISP membership · Australian Government Strategic certified data centres
- Channels
- Portal · Email · Phone
- Data access
- Dashboard Access
- Portal
- SIEMaaS pages describe dashboards and a single-pane security view. SOC pages describe weekly and monthly reports covering key metrics, notable events and threat-hunt results. Raw query access is not described publicly.
- Account manager
- Shared / pooled
Reputation
Macquarie Government has strong vendor-controlled evidence for Australian government sovereignty, 24x7 SOC operations, SIEMaaS, threat intelligence and SASE integration, but little independent MDR-specific buyer-review signal in public communities. Government buyers should use procurement references to validate analyst quality, response authority, onboarding effort and Splunk/log-volume cost exposure.
What customers praise
- Clear Australian sovereign delivery and government specialization
- 24x7 local SOC staffed by NV1-cleared specialists
- Broad adjacent stack across SIEMaaS, CTI, SASE, secure gateway and secure cloud
Common complaints
- No public pricing or formal MDR response SLA
- Response authority and hands-on remediation scope require contract confirmation
- Limited independent MDR-specific review signal
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for Macquarie Government SOCaaS or MDR specifically.
Questions to ask
8 questions to ask Macquarie Government
1. Is our agency eligible for SOCaaS, SIEMaaS, SASE and CTI services, and which procurement vehicles apply?
2. Which logs, endpoints, cloud accounts, gateways and SIEM sources are included in the base SOCaaS scope?
3. Which response actions can Macquarie Government execute directly, and which require agency approval?
4. What contractual SLA applies to high-severity triage, notification, containment and escalation?
5. How is Splunk ingestion priced and optimized, and what retention is included by default?
6. Which playbooks are included at onboarding, and how often are they reviewed with our security team?
7. What CTI sources and customer-specific advisories are included versus premium add-ons?
8. What dashboards, reports, raw logs, detections, playbooks and SIEM data can we export during offboarding?
Evidence
Sources reviewed
Main public source used for the provider profile.
Official SOC page used to verify 24x7 Australian SOC positioning, risk-based alerting, AI, automated response, guided remediation, threat hunting, log ingestion optimization, reporting and customer logo context.
Official cyber security page used to verify MDR/XDR language, 24x7 SOC monitoring, over 3,000 playbooks, false-positive triage, 270+ government-cleared staff, 42% Commonwealth Government language and related services.
Official SIEMaaS page used to verify Splunk Enterprise, sovereign local hosting, advanced threat detection, anomaly correlation, dashboards, forensics, automated blocking language and up-to-seven-year event storage language.
Official CTI page used to verify Australian government-only focus, dark web and forum hunting, 250B monthly government event logs, AGSVA-cleared analysts, IPS-block mitigation examples, sovereign delivery, ASX-listed language and DISP/Strategic data-centre claims.
Official SASE page used to verify SASE for government positioning, Essential 8 Maturity Level 2 language, Protected-level security operations, MDR for SASE, NV1-cleared SOC operation and customized playbooks.
Official VSG page used to verify AWS and Azure context, IRAP standards language, SOC monitoring, managed SIEM dashboards, firewall, IPS, WAF, load balancing and related 24x7 threat detection and remediation support language.
Official homepage used to verify sovereign Australian government positioning, 90+ SOCs, 30 years of experience language, 270+ cleared engineers, secure data centres and the official logo asset.
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response authority may depend on pre-approval and contract scope.
- MDR analyst headcount or analyst-to-customer ratio is not public.
