Home/Glossary/Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM)

A platform that ingests security telemetry, correlates events, and surfaces alerts for investigation.

Security OperationsAlso called: "siem platform"

SIEM systems collect logs from endpoints, cloud services, firewalls, and applications to detect suspicious behavior.

What a SIEM does

  • Normalizes diverse log sources into a single schema.
  • Applies detection rules and machine learning to find anomalies.
  • Automates response actions through SOAR integrations.
  • Supports compliance reporting with long-term log retention.

Operational considerations

  • Tune detections to reduce false positives.
  • Establish runbooks for how analysts should triage alerts.
  • Ensure data sources cover modern SaaS and cloud services, not just on-prem systems.

Related Tools

Related Articles

View all articles
Physical Security & CPTED: The Complete Guide to Protecting Facilities, Data Centers, and Critical Assets

Physical Security & CPTED: The Complete Guide to Protecting Facilities, Data Centers, and Critical Assets

A comprehensive guide to physical security covering CPTED principles, security zones, access control, fire suppression, and environmental controls for protecting facilities and data centers.

Read article →
Affiliate Disclosure

Affiliate Disclosure

Read article →
Case Study | How to do Cybersecurity Across a Distributed Organization | IHQ

Case Study | How to do Cybersecurity Across a Distributed Organization | IHQ

Transforming Eight Healthcare Subsidiaries in Three Months

Read article →
Case Study: Airline Cybersecurity Strengthening

Case Study: Airline Cybersecurity Strengthening

From Active Breach to Robust Defense: A Comprehensive Cybersecurity Transformation

Read article →

Explore More Security Operations

View all terms

Chronicle Security Operations

Google Cloud security analytics platform that provides threat detection, investigation, and response using Google infrastructure and intelligence.

Read more →

Endpoint Detection and Response (EDR)

Security software that monitors endpoints for malicious activity, enabling rapid detection and containment.

Read more →

Managed Detection and Response (MDR)

A security service that combines technology and human expertise to detect, investigate, and respond to threats 24/7.

Read more →

Microsoft Sentinel

Microsoft cloud-native SIEM and SOAR solution that provides intelligent security analytics and threat detection across the enterprise.

Read more →

SBOM (Software Bill of Materials)

A comprehensive inventory of all components, libraries, and dependencies that make up a software application, enabling transparency in the software supply chain.

Read more →

Secrets Management

The practice and tooling for securely storing, accessing, rotating, and auditing sensitive credentials like API keys, passwords, certificates, and encryption keys.

Read more →
Back to glossary