Security Information and Event Management (SIEM)


Overview

  • increase the visibility of events and incidents on networks and systems
  • cover/combine:
    • log management: centralized collection of logs
    • Security Information Management (SIM): long-term storage of log, system and flow data with the ability to analyse this data and generate reports
    • Security Event Management (SEM): real-time monitoring and correlation of events, providing notifications and a console view
  • can give feedback to network security elements (e.g. firewalls, IDS)
  • can be extended to do behavioural analysis on larger networks
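
The log management and SEM roles listed above, sketched as an added example that is not part of the original notes: lines from two sources are normalised into one event schema, then a correlation rule alerts on repeated failed logins followed by a success from the same address. The log formats, the 60-second window, the threshold of 3 and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
WINDOW = timedelta(seconds=60)   # assumed correlation window
THRESHOLD = 3                    # assumed failed-login threshold

# Constructed sample lines from two log sources (not real logs).
RAW = [
    ("fw",   "2024-05-01T10:00:01 DENY src=203.0.113.7 dport=23"),
    ("sshd", "2024-05-01T10:00:05 Failed password for root from 203.0.113.7"),
    ("sshd", "2024-05-01T10:00:09 Failed password for root from 203.0.113.7"),
    ("sshd", "2024-05-01T10:00:12 Failed password for admin from 198.51.100.4"),
    ("sshd", "2024-05-01T10:00:15 Failed password for root from 203.0.113.7"),
    ("sshd", "2024-05-01T10:00:20 Accepted password for root from 203.0.113.7"),
    ("sshd", "2024-05-01T10:05:00 Accepted password for alice from 198.51.100.4"),
]

PATTERNS = {
    "fw":   re.compile(r"(?P<ts>\S+) (?P<act>DENY|ALLOW) src=(?P<src>\S+)"),
    "sshd": re.compile(r"(?P<ts>\S+) (?P<act>Failed|Accepted) password for \S+ from (?P<src>\S+)"),
}
KIND = {"DENY": "fw_deny", "ALLOW": "fw_allow", "Failed": "auth_fail", "Accepted": "auth_ok"}

def normalise(source, line):
    """Log management step: map a source-specific line to a common event."""
    m = PATTERNS[source].match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "kind": KIND[m["act"]]}

def correlate(raw):
    """SEM step: alert on >= THRESHOLD failures then a success from one src within WINDOW."""
    recent = defaultdict(deque)          # src -> events still inside the window
    alerts = []
    events = sorted(filter(None, (normalise(s, l) for s, l in raw)), key=lambda e: e["ts"])
    for ev in events:
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0]["ts"] > WINDOW:
            q.popleft()                  # expire events older than the window
        if ev["kind"] == "auth_ok":
            fails = sum(e["kind"] == "auth_fail" for e in q)
            if fails >= THRESHOLD:       # cross-source context raises severity
                denied = any(e["kind"] == "fw_deny" for e in q)
                alerts.append({"src": ev["src"], "fails": fails,
                               "severity": "high" if denied else "medium"})
            q.clear()
        else:
            q.append(ev)
    return alerts
```

Calling `correlate(RAW)` yields one alert for 203.0.113.7; the single failure from 198.51.100.4 has aged out of the window by the time that address logs in successfully, so it raises nothing.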