Optiv Cybersecurity Dictionary

What is SIEM - Security Information and Event Management?

SIEM is a software tool that allows security operations teams to identify potential incidents by consolidating and correlating log data from many other tools in the environment.

 

These commonly ingest log data from IDS/IPS, firewalls, endpoint security solutions and numerous other sources. SIEMs then use rule sets that can be customized by the security operations team to correlate the log data and trigger alerts when violations of the rule sets occur. Many regulations require that companies store and regularly review log data as part of their cyber threat defense program.

 

SIEMs are increasingly integrating user and entity behavior analytics (UEBA) to provide advanced analytics of an environment's activity. In addition, SIEMs are integrating (security orchestration, automation and response (SOAR) technology to help streamline (or automate) the alert triage and incident response process.


Contact Us