Summary
Security Information and Event Management (SIEM) is responsible for collecting security-relevant data centrally in order to detect threats and incidents. On this basis, it provides security analytics capabilities, in real time or retrospectively on past events, by correlating multiple log events. Further functions are enrichment with context data, normalization of heterogeneous data sources, reporting, alerting, and automated incident response. To enable the exchange of threat information, it connects to cyber threat intelligence exchange platforms, and human security analysts are supported by visual security analytics capabilities. Additionally, a SIEM provides log management capabilities through long-term storage of event data.
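To make the normalization, enrichment and correlation functions named above concrete, the following is an added example and not code from the paper: a minimal SIEM-style pipeline that maps two heterogeneous sources (syslog-style sshd lines and JSON proxy records) onto one event schema, enriches each event with asset and threat-intelligence context, and raises an alert when several failed logins from one source are followed by a success. All log lines, the asset inventory and the indicator list are constructed for the example; the rule threshold and window are assumptions.

```python
"""Added example (not from the paper): a minimal SIEM-style pipeline that
normalizes heterogeneous log lines, enriches them with context, and
correlates them into an alert. All log lines and context data below are
constructed for the example."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: one syslog-style sshd source and one JSON proxy source.
SSHD_LOGS = [
    "2024-03-01T10:00:01Z host1 sshd[221]: Failed password for admin from 203.0.113.5 port 50022 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[221]: Failed password for admin from 203.0.113.5 port 50023 ssh2",
    "2024-03-01T10:00:05Z host1 sshd[221]: Failed password for admin from 203.0.113.5 port 50024 ssh2",
    "2024-03-01T10:00:09Z host1 sshd[221]: Accepted password for admin from 203.0.113.5 port 50025 ssh2",
    "2024-03-01T10:05:00Z host1 sshd[222]: Failed password for bob from 198.51.100.7 port 40000 ssh2",
]
PROXY_LOGS = [
    '{"ts":"2024-03-01T10:00:12Z","src":"10.0.0.8","dst":"203.0.113.5","action":"allow"}',
]

# Constructed context data: an asset inventory and a threat-intelligence indicator
# list, the kind of data a SIEM pulls from a CMDB and a CTI exchange platform.
ASSETS = {"host1": {"owner": "finance", "criticality": "high"}}
CTI_IOCS = {"203.0.113.5": "known brute-force source"}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize_sshd(line):
    """Map an sshd line onto the common event schema; None if the line does not match."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "host": m["host"],
        "src": m["src"],
        "user": m["user"],
        "event": "auth_success" if m["outcome"] == "Accepted" else "auth_failure",
    }

def normalize_proxy(line):
    """Map a JSON proxy record onto the same schema as the sshd events."""
    rec = json.loads(line)
    return {
        "ts": datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")),
        "host": rec["src"],
        "src": rec["src"],
        "dst": rec["dst"],
        "user": None,
        "event": "net_" + rec["action"],
    }

def enrich(ev):
    """Attach asset and CTI context so the analyst does not have to look it up."""
    ev["asset"] = ASSETS.get(ev["host"])
    ev["ioc"] = CTI_IOCS.get(ev["src"]) or CTI_IOCS.get(ev.get("dst"))
    return ev

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when at least `threshold` auth failures from one source for one user are
    followed by a success within `window` (brute force followed by success).
    Threshold and window are assumed values for the example."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["event"] == "auth_failure":
            failures[key].append(ev["ts"])
        elif ev["event"] == "auth_success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                high_value = (ev["asset"] or {}).get("criticality") == "high"
                alerts.append({
                    "rule": "brute_force_success",
                    "src": ev["src"],
                    "user": ev["user"],
                    "host": ev["host"],
                    "failures": len(recent),
                    # Context raises severity: known-bad source or high-criticality asset.
                    "severity": "critical" if ev["ioc"] or high_value else "high",
                })
            failures[key].clear()
    return alerts

def run_pipeline(sshd_lines=SSHD_LOGS, proxy_lines=PROXY_LOGS):
    """Normalize both sources, enrich every event, then correlate; returns the alerts."""
    events = [e for e in map(normalize_sshd, sshd_lines) if e]
    events += [normalize_proxy(line) for line in proxy_lines]
    return correlate([enrich(e) for e in events])

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Running the block yields one alert for `admin` from 203.0.113.5 with three failures, rated critical because the source appears in the indicator list and the target host is a high-criticality asset; the single failure for `bob` and the proxy record produce nothing. The point of the normalization step is that the correlation rule never has to know which parser an event came from.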