SIEM systems collect logs from endpoints, cloud services, firewalls, and applications to detect suspicious behavior.
What a SIEM does
- Normalizes diverse log sources into a single schema.
- Applies detection rules and machine learning to find anomalies.
- Automates response actions through SOAR integrations.
- Supports compliance reporting with long-term log retention.
Operational considerations
- Tune detections to reduce false positives.
- Establish runbooks for how analysts should triage alerts.
- Ensure data sources cover modern SaaS and cloud services, not just on-prem systems.
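As an added illustration, not code from the original page, the following Python sketch shows the normalize-then-detect flow described above: constructed SSH syslog lines and constructed cloud-service JSON login events are mapped into one schema, and a single alert fires when one source IP accumulates failed logins across both sources within a sliding window. The `threshold` parameter is the tuning knob from the operational list; all log lines, field names and IP addresses are constructed.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: three syslog-style SSH lines and three cloud-style JSON login events.
RAW_EVENTS = [
    ("syslog", "2024-05-01T10:00:01Z host1 sshd[1]: Failed password for root from 203.0.113.7 port 5000 ssh2"),
    ("syslog", "2024-05-01T10:00:05Z host1 sshd[1]: Failed password for root from 203.0.113.7 port 5001 ssh2"),
    ("syslog", "2024-05-01T10:00:09Z host1 sshd[1]: Failed password for admin from 203.0.113.7 port 5002 ssh2"),
    ("cloud", '{"time":"2024-05-01T10:00:12Z","user":"alice","srcIp":"203.0.113.7","outcome":"FAILURE"}'),
    ("cloud", '{"time":"2024-05-01T10:30:00Z","user":"bob","srcIp":"198.51.100.9","outcome":"FAILURE"}'),
    ("cloud", '{"time":"2024-05-01T10:30:02Z","user":"bob","srcIp":"198.51.100.9","outcome":"SUCCESS"}'),
]

SSH_FAIL = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (\S+) from (\S+)")

def normalize(source, raw):
    """Map one raw record from either source into the shared schema; None if it is not a login event."""
    if source == "syslog":
        m = SSH_FAIL.match(raw)
        if not m:
            return None
        ts, user, src, outcome = *m.groups(), "failure"
    else:
        rec = json.loads(raw)
        ts, user, src, outcome = rec["time"], rec["user"], rec["srcIp"], rec["outcome"].lower()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": user, "src_ip": src, "outcome": outcome, "source": source}

def detect_bruteforce(events, threshold=4, window_sec=60):
    """Alert once per source IP when it reaches `threshold` failed logins inside a sliding window."""
    recent, alerts = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] != "failure":
            continue
        bucket = recent[e["src_ip"]]
        bucket.append(e["ts"])
        bucket[:] = [t for t in bucket if (e["ts"] - t).total_seconds() <= window_sec]  # drop stale failures
        if len(bucket) == threshold:  # fire exactly once, not on every later failure
            alerts.append({"src_ip": e["src_ip"], "count": len(bucket), "at": e["ts"],
                           "sources": sorted({x["source"] for x in events if x["src_ip"] == e["src_ip"]})})
    return alerts

def run(raw_events=RAW_EVENTS, threshold=4):
    """Normalize every raw record, then run the detection over the unified stream."""
    normalized = [n for n in (normalize(s, r) for s, r in raw_events) if n]
    return detect_bruteforce(normalized, threshold=threshold)
```

With the default threshold only the IP seen failing in both the SSH and cloud logs alerts; lowering `threshold` to 1 also flags bob's single mistyped password, which is the kind of false positive tuning is meant to suppress.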