SIEM - Security Information and Event Management Home Cybersecurity Dictionary SIEM - Security Information and Event Management SIEM is a software tool that allows security operations teams to identify potential incidents by consolidating and correlating log data from many other tools in the environment. These commonly ingest log data from IDS/IPS, Firewalls, endpoint security solutions, and numerous other sources. SIEMs then use rule sets which can be customized by the security operations team to correlate the log data and trigger alerts when violations of the rule sets occur. Many regulations require that companies store and regularly review log data as part of their cyber threat defense program. SIEMs are increasingly integrating User and Entity Behavior Analytics (UEBA) to provide advanced analytics related to activity in an environment. In addition, SIEMs are integrating (Security Orchestration and Automation and Response (SOAR) technology to help streamline (or automate) the alert triage and incident response process. Related TermsMSS - Managed Security ServicesMSSP - Managed Security Service ProviderDLP - Data Loss PreventionIR - Incident Response Share: Seeking Clarity? View the Cybersecurity Dictionary for top terms searched by your peers. Back to the Dictionary RELATED INSIGHTS DOWNLOAD February 22, 2016 Streamlining an Effective SIEM Implementation Maximizing resources and reducing deployment risk. See Details Read more about Streamlining an Effective SIEM Implementation How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.