

What is SIEM?

Security Information and Event Management — a platform that centralizes logs and correlates them to detect threats.

A SIEM collects events from across the environment, normalizes them, and applies correlation rules and analytics to surface suspicious activity for the SOC. Examples include Splunk, Microsoft Sentinel, and Elastic.

Detection rules are increasingly written in the vendor-neutral Sigma format.
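
The collect, normalize, correlate flow described above, as an added example that is not taken from any SIEM product or from this glossary's source. The log formats, field names, threshold and events are constructed for illustration; the rule alerts when a successful login follows repeated failures from one IP, counted across both sources.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from two sources with different (simplified) formats.
RAW_EVENTS = [
    ("sshd", "2026-01-15T10:00:01Z Failed password for admin from 203.0.113.7 port 50122 ssh2"),
    ("webapp", '{"ts": "2026-01-15T10:00:20Z", "event": "login_failure", "user": "admin", "ip": "203.0.113.7"}'),
    ("sshd", "2026-01-15T10:00:41Z Failed password for admin from 203.0.113.7 port 50130 ssh2"),
    ("sshd", "2026-01-15T10:01:05Z Accepted password for admin from 203.0.113.7 port 50141 ssh2"),
    ("webapp", '{"ts": "2026-01-15T10:02:00Z", "event": "login_success", "user": "alice", "ip": "198.51.100.20"}'),
    ("sshd", "garbled line that matches no parser"),
]
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<event>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
OUTCOMES = {"Failed": "failure", "Accepted": "success",
            "login_failure": "failure", "login_success": "success"}

def normalize(source, raw):
    """Map one source-specific record onto a common schema; None if unparsable."""
    try:
        if source == "sshd":
            f = SSH_RE.match(raw).groupdict()  # no match -> AttributeError, handled below
        elif source == "webapp":
            f = json.loads(raw)
        else:
            return None
        return {"time": datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": source,
                "user": f["user"], "src_ip": f["ip"], "outcome": OUTCOMES[f["event"]]}
    except (AttributeError, KeyError, TypeError, ValueError):
        return None

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures from one IP inside window."""
    failures, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["time"]):
        recent = failures[ev["src_ip"]]
        while recent and ev["time"] - recent[0]["time"] > window:
            recent.popleft()  # expire failures that fell out of the window
        if ev["outcome"] == "failure":
            recent.append(ev)
        elif len(recent) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "user": ev["user"], "failures": len(recent),
                           "sources": sorted({f["source"] for f in recent} | {ev["source"]})})
            recent.clear()
    return alerts

def run(raw_events):
    normalized = [n for n in (normalize(s, r) for s, r in raw_events) if n]
    return correlate(normalized)
```

Neither source alone reaches the threshold of three failures here; the alert only fires because both feeds are normalized into one schema before the rule runs.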


Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.
