Security Information and Event Management (SIEM)
links: SPA TOC - Host & Network Security - Index
Overview
- increase the visibility of events and incidents on networks and systems
- cover/combine:
  - log management: centralized collection of logs
  - Security Information Management (SIM): long-term storage of log, system and flow data, with the ability to analyse this data and generate reports
  - Security Event Management (SEM): real-time monitoring and correlation of events to provide notifications and a console view
- can give feedback to network security elements (e.g. firewalls, IDS)
- can be extended to do behavioural analysis on larger networks
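As an added illustration of the three functions listed above (example code, not part of the original notes): a minimal Python pipeline with a normalize step (log management), a correlation rule that alerts on repeated failed SSH logins followed by a success (SEM), and a per-source aggregation for reporting (SIM). The log lines, IP addresses and timestamps are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample lines from two log sources (documentation IPs, not real traffic).
RAW_EVENTS = [
    ("sshd", "2024-05-01T10:00:01 Failed password for root from 198.51.100.7 port 51000 ssh2"),
    ("sshd", "2024-05-01T10:00:03 Failed password for root from 198.51.100.7 port 51002 ssh2"),
    ("sshd", "2024-05-01T10:00:05 Failed password for admin from 198.51.100.7 port 51004 ssh2"),
    ("sshd", "2024-05-01T10:00:09 Accepted password for admin from 198.51.100.7 port 51006 ssh2"),
    ("sshd", "2024-05-01T10:05:00 Accepted publickey for alice from 203.0.113.5 port 40000 ssh2"),
    ("firewall", "2024-05-01T10:00:02 action=DENY src=198.51.100.7 dst=10.0.0.9 dport=3389"),
]
SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) action=(?P<outcome>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def normalize(source, line):
    """Log management: parse a raw line from any source into one common event schema."""
    m = (SSHD_RE if source == "sshd" else FW_RE).match(line)
    if not m:
        return None  # a real pipeline would keep and count unparsed lines rather than drop them
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["source"] = source
    return ev

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """SEM: alert when one source IP has `threshold` failed SSH logins inside `window`, then a success."""
    failures = defaultdict(deque)  # src IP -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "sshd":
            continue
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()  # expire failures that fell out of the correlation window
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src": ev["src"],
                           "user": ev["user"], "failures": len(recent), "at": ev["ts"]})
            recent.clear()
    return alerts

def report(events):
    """SIM: aggregate stored events per source IP and outcome for a long-term report."""
    summary = defaultdict(lambda: defaultdict(int))
    for ev in events:
        summary[ev["src"]][ev["outcome"]] += 1
    return {src: dict(counts) for src, counts in summary.items()}

EVENTS = [e for e in (normalize(src, line) for src, line in RAW_EVENTS) if e]
```

Running `correlate(EVENTS)` yields one alert for 198.51.100.7 (three failures within the window, then a successful login as admin), while the single key-based login from 203.0.113.5 produces none.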