SIEM - Security Information and Event Management

Definition

What is a Security Information and Event Management (SIEM)?

Security Information and Event Management (SIEM) is a system designed to collect, analyze, and manage security data from various sources within an organization. The primary goal of SIEM is to provide a comprehensive view of the organization’s security status, identify potential threats, and conduct in-depth analyses to improve incident response capabilities.

SIEM collects and normalizes data from multiple sources, such as system logs, network data, applications, and more. It analyzes the data in real-time, searching for suspicious patterns or unusual activity, and correlates events to detect attacks or threats to the system. Upon detecting an anomaly, SIEM generates alerts and warnings for SOC analysts.

YouTube player

You may also find interesting

OpenEDR

AlienVault OSSIM​

You may also find interesting

OpenEDR

AlienVault OSSIM​

Glossary

Sandbox

A Sandbox is an isolated environment where code or software...

Read More

Hashing

Hashing is a cryptographic process that transforms an input ("message")...

Read More

Antivirus

The traditional Antivirus software is designed to detect, block, and...

Read More

MITRE

MITRE is a not-for-profit organization that operates federally funded research...

Read More

MITRE ATT&CK

MITRE is a not-for-profit organization that operates federally funded research...

Read More