Security Operations
Also called: "SIEM platform"
SIEM systems collect logs from endpoints, cloud services, firewalls, and applications to detect suspicious behavior.
What a SIEM does
- Normalizes diverse log sources into a single schema.
- Applies detection rules and machine learning to find anomalies.
- Automates response actions through SOAR integrations.
- Supports compliance reporting with long-term log retention.
Operational considerations
- Tune detections to reduce false positives.
- Establish runbooks for how analysts should triage alerts.
- Ensure data sources cover modern SaaS and cloud services, not just on-prem systems.
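The two lists above (normalizing mixed log sources into one schema, applying a detection rule, and tuning it to cut false positives) as a small added example; this is illustrative code written for this page, not any SIEM product's pipeline, and the log lines, field names, IP addresses and the common schema are all constructed here.

```python
import json
import re
from collections import defaultdict

# Constructed sample events: three firewall syslog lines, two cloud IdP JSON records,
# and one successful login. Formats are invented to mimic the shape of real sources.
RAW_EVENTS = [
    "Mar 10 12:00:01 fw01 sshd[2201]: Failed password for root from 198.51.100.7 port 5001",
    "Mar 10 12:00:04 fw01 sshd[2201]: Failed password for root from 198.51.100.7 port 5002",
    "Mar 10 12:00:09 fw01 sshd[2201]: Failed password for root from 198.51.100.7 port 5003",
    '{"eventTime":"2024-03-10T12:00:15Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",'
    '"errorMessage":"Failed authentication","userIdentity":{"userName":"alice"}}',
    '{"eventTime":"2024-03-10T12:00:20Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",'
    '"errorMessage":"Failed authentication","userIdentity":{"userName":"alice"}}',
    "Mar 10 12:01:00 fw01 sshd[2202]: Accepted password for bob from 192.0.2.5 port 5004",
]

SYSLOG_RE = re.compile(r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")

def normalize(raw):
    """Map one raw line into the common schema {src_ip, user, action, outcome, source}."""
    if raw.startswith("{"):  # cloud JSON record
        ev = json.loads(raw)
        return {"src_ip": ev["sourceIPAddress"], "user": ev["userIdentity"]["userName"],
                "action": "login", "outcome": "failure" if ev.get("errorMessage") else "success",
                "source": "cloud"}
    m = SYSLOG_RE.search(raw)  # firewall/host syslog line
    if not m:
        return None  # a real pipeline counts unparsed lines so coverage gaps are visible
    return {"src_ip": m["src"], "user": m["user"], "action": "login",
            "outcome": "failure" if m["outcome"] == "Failed" else "success", "source": "firewall"}

def detect_brute_force(events, threshold=3, allowlist=()):
    """Rule: at least `threshold` failed logins from one source IP across all sources.
    `allowlist` is the tuning knob: known vulnerability scanners go here to cut false positives."""
    failures = defaultdict(int)
    for e in events:
        if e and e["outcome"] == "failure" and e["src_ip"] not in allowlist:
            failures[e["src_ip"]] += 1
    return sorted(ip for ip, n in failures.items() if n >= threshold)

def run(raw_events=RAW_EVENTS, threshold=3, allowlist=()):
    """Normalize every raw event, then evaluate the rule; returns alerting source IPs."""
    return detect_brute_force([normalize(r) for r in raw_events], threshold, allowlist)

if __name__ == "__main__":
    print(run())  # the SSH source crosses the threshold; the cloud source does not
```

Lowering the threshold to 2 also flags the cloud source, which shows why the rule only becomes useful once both the threshold and the allowlist are tuned against the organisation's own traffic.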