SIEM
Security Information and Event Management — aggregates and analyzes security logs for threat detection.
Also: Security Information and Event Management
Definition
Security Information and Event Management (SIEM) is a security management approach that combines Security Information Management (SIM) and Security Event Management (SEM). SIEM systems collect and aggregate log data from across an organization's technology infrastructure — servers, network devices, applications — and use correlation rules, machine learning, and behavioral analytics to detect security incidents, support compliance reporting, and enable incident investigation. Examples include Splunk, Microsoft Sentinel, and IBM QRadar.
Example
“A SIEM correlates 50,000 daily log events across 200 servers to detect that a user account logged in from three countries in one hour — a sign of credential compromise.”
Synonyms
- security analytics platform
- log aggregation system
- threat correlation engine
Images
CC-licensed · free to useVideo
Related Terms
- intrusion-detection
- log-management
- incident-response
- threat-intelligence