Definition

Security Information and Event Management (SIEM) is the central platform for aggregating, correlating, and analyzing security event data: endpoint logs, network logs, identity events, application logs, and cloud events. Major SIEMs include Splunk, Microsoft Sentinel, IBM QRadar, Elastic Security, Sumo Logic, and Chronicle. The SIEM is the operational hub of the security operations center (SOC): detection content runs against the SIEM's data, alerts flow to analysts, and investigations happen in the SIEM's search interface. Modern SIEMs increasingly include UEBA (user and entity behavior analytics), SOAR (automated response), and threat-hunting workspaces. SIEM and EDR are complementary: EDR provides deep endpoint telemetry, while the SIEM provides cross-source correlation that no single feed can see on its own.
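The cross-source correlation mentioned above is the part of a SIEM that is easiest to describe and hardest to picture, so here is a small worked example. It is added illustration, not code from this page or from any of the SIEM products named; the two feed formats, field names, event values and the detection rule are all constructed for the example. Two differently shaped feeds (an identity feed and an EDR feed) are normalized into one schema, then a rule fires only when a login from a new location is followed, on the same user and host, by an unsigned executable launched from a temp directory within a short window. Neither feed alone contains enough context to raise that alert.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """Normalized SIEM event shared by every source."""
    source: str       # which feed produced it: "identity" or "edr"
    ts: datetime
    user: str
    host: str
    kind: str         # normalized event type used by detection rules
    detail: str


# Constructed sample records (not real telemetry), deliberately in two
# different shapes to show the normalization step a SIEM performs on ingest.
IDENTITY_FEED = [
    {"time": "2024-03-01T09:00:05Z", "account": "alice", "workstation": "ws-01",
     "result": "success", "new_location": False},
    {"time": "2024-03-01T09:02:10Z", "account": "Bob", "workstation": "WS-07",
     "result": "success", "new_location": True},
    {"time": "2024-03-01T09:30:00Z", "account": "carol", "workstation": "WS-03",
     "result": "failure", "new_location": True},
]
EDR_FEED = [
    {"timestamp": "2024-03-01T09:01:00Z", "username": "alice", "hostname": "WS-01",
     "event": "process_start", "image": "C:\\Windows\\System32\\notepad.exe", "signed": True},
    {"timestamp": "2024-03-01T09:05:30Z", "username": "bob", "hostname": "WS-07",
     "event": "process_start", "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "signed": False},
    # Same pattern but 38 minutes after the login: outside the rule's window.
    {"timestamp": "2024-03-01T09:40:00Z", "username": "bob", "hostname": "WS-07",
     "event": "process_start", "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe", "signed": False},
]


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def normalize_identity(rec: dict) -> Event:
    """Map an identity-provider record onto the shared schema."""
    kind = "login_success" if rec["result"] == "success" else "login_failure"
    if kind == "login_success" and rec["new_location"]:
        kind = "login_new_location"
    return Event("identity", parse_ts(rec["time"]), rec["account"].lower(),
                 rec["workstation"].upper(), kind, rec["result"])


def normalize_edr(rec: dict) -> Event:
    """Map an EDR process record onto the shared schema, tagging the risky case."""
    kind = rec["event"]
    if kind == "process_start" and not rec["signed"] and "\\Temp\\" in rec["image"]:
        kind = "unsigned_temp_process"
    return Event("edr", parse_ts(rec["timestamp"]), rec["username"].lower(),
                 rec["hostname"].upper(), kind, rec["image"])


def correlate(events: list[Event], window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Cross-source rule: login_new_location followed within `window` by an
    unsigned_temp_process for the same (user, host). Events are grouped by the
    join key first so the comparison stays linear in practice."""
    by_key: dict[tuple[str, str], list[Event]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_key[(ev.user, ev.host)].append(ev)

    alerts = []
    for (user, host), evs in by_key.items():
        logins = [e for e in evs if e.kind == "login_new_location"]
        procs = [e for e in evs if e.kind == "unsigned_temp_process"]
        for login in logins:
            for proc in procs:
                if login.ts <= proc.ts <= login.ts + window:
                    alerts.append({"user": user, "host": host, "login_at": login.ts,
                                   "process_at": proc.ts, "image": proc.detail,
                                   "sources": (login.source, proc.source)})
    return alerts


def run() -> list[dict]:
    """Ingest both constructed feeds and return the correlated alerts."""
    events = [normalize_identity(r) for r in IDENTITY_FEED]
    events += [normalize_edr(r) for r in EDR_FEED]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed data only one alert fires (bob on WS-07): alice's process is signed, carol's login failed, and bob's second temp-directory process is outside the 10-minute window. The normalization step matters as much as the rule: case-folding the user and host values is what lets `Bob`/`WS-07` from one feed join to `bob`/`WS-07` from the other.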

Related terms