A security information and event management (SIEM) system is the tool an organization uses to collect security-relevant logs and events from across its computer systems, analyze them, and run its security operations on the result. A SIEM can be delivered as a hardware appliance, as software, or as a combination of the two.
In its simplest form, a SIEM system enables you to:
- Collect and query logs.
- Do some form of correlation or anomaly detection.
- Create alerts and incidents based on your findings.
A SIEM system might offer functionality such as:
- Log management: The ability to collect, store, and query the log data from resources within your environment, typically with a configurable retention period.
- Alerting: Detection rules that proactively search the log data for potential security incidents and anomalies and raise an alert when they match.
- Visualization: Graphs and dashboards that provide visual insights into your log data, such as trends and counts over time.
- Incident management: The ability to create, update, assign, and investigate incidents that have been raised from one or more alerts.
- Querying data: A rich query language, the same one used over the log store, that you can use for ad hoc hunting and investigation as well as for understanding your data.
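To make the "simplest form" above concrete, here is an added, self-contained example (not code from the original page or from any particular SIEM product) that implements each of the core steps in miniature: it ingests constructed sshd-style log lines into a store, queries them by field, runs a correlation rule for password brute-forcing (several failures from one source within a window, optionally followed by a success), and turns the resulting alerts into incidents that can be assigned. The log format, the `threshold` and `window` parameters, and the severity labels are assumptions made for the example, not properties of any real SIEM.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log lines (not captured from a real system), in an
# sshd-like syslog layout with ISO-8601 timestamps to keep parsing simple.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z host1 sshd[101]: Failed password for alice from 203.0.113.7 port 51000 ssh2
2024-03-01T09:00:12Z host1 sshd[102]: Failed password for alice from 203.0.113.7 port 51001 ssh2
2024-03-01T09:00:20Z host1 sshd[103]: Failed password for alice from 203.0.113.7 port 51002 ssh2
2024-03-01T09:00:31Z host1 sshd[104]: Accepted password for alice from 203.0.113.7 port 51003 ssh2
2024-03-01T09:05:00Z host2 sshd[201]: Failed password for bob from 198.51.100.9 port 40000 ssh2
2024-03-01T09:07:00Z host2 sshd[202]: Accepted publickey for bob from 192.0.2.5 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class Event:
    ts: datetime
    host: str
    outcome: str   # "Failed" or "Accepted"
    method: str
    user: str
    src: str


@dataclass
class Alert:
    severity: str  # assumed labels: "medium" or "high"
    message: str
    src: str
    user: str
    ts: datetime


@dataclass
class Incident:
    id: int
    title: str
    src: str
    alerts: List[Alert] = field(default_factory=list)
    status: str = "new"
    assignee: Optional[str] = None


def parse_line(line: str) -> Optional[Event]:
    """Log collection: normalize one raw line into a structured event."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped rather than crashing ingestion
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return Event(ts, m["host"], m["outcome"], m["method"], m["user"], m["src"])


def ingest(text: str) -> List[Event]:
    """Log management: the in-memory 'store' is just a list of parsed events."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def query(events: List[Event], **filters) -> List[Event]:
    """Querying data: equality filters on event fields, e.g. query(evs, outcome="Failed")."""
    return [e for e in events if all(getattr(e, k) == v for k, v in filters.items())]


def count_by(events: List[Event], attr: str) -> Dict[str, int]:
    """Visualization input: counts per field value, the data behind a dashboard bar chart."""
    counts: Dict[str, int] = defaultdict(int)
    for e in events:
        counts[getattr(e, attr)] += 1
    return dict(counts)


def detect_brute_force(events: List[Event], threshold: int = 3,
                       window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Correlation rule: >= threshold failures from one source inside the window
    raises a medium alert; a success from that source while the failures are
    still inside the window raises a high alert (likely credential guessing)."""
    alerts: List[Alert] = []
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    secs = int(window.total_seconds())
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        recent_failures: List[datetime] = []  # failure timestamps still inside the window
        for e in evs:
            recent_failures = [t for t in recent_failures if e.ts - t <= window]
            if e.outcome == "Failed":
                recent_failures.append(e.ts)
                if len(recent_failures) == threshold:  # fire once per burst, not per extra failure
                    alerts.append(Alert("medium", f"{threshold} failed logins from {src} within {secs}s", src, e.user, e.ts))
            elif e.outcome == "Accepted" and len(recent_failures) >= threshold:
                alerts.append(Alert("high", f"successful login for {e.user} from {src} after {len(recent_failures)} failures", src, e.user, e.ts))
                recent_failures = []  # the burst has been reported; start counting afresh
    return alerts


def create_incidents(alerts: List[Alert]) -> List[Incident]:
    """Incident management: one incident per source address, holding all of its alerts."""
    grouped: Dict[str, Incident] = {}
    for a in alerts:
        if a.src not in grouped:
            grouped[a.src] = Incident(len(grouped) + 1, f"Suspicious authentication activity from {a.src}", a.src)
        grouped[a.src].alerts.append(a)
    return list(grouped.values())


def assign(incident: Incident, analyst: str) -> Incident:
    """Hand an incident to an analyst and move it out of the 'new' queue."""
    incident.assignee = analyst
    incident.status = "active"
    return incident


if __name__ == "__main__":
    evs = ingest(SAMPLE_LOGS)
    print(count_by(evs, "outcome"))
    for inc in create_incidents(detect_brute_force(evs)):
        print(inc.title, [a.severity for a in inc.alerts])
```

The rule fires once when the failure count reaches the threshold and again on a success that follows within the window, which is the pattern worth an analyst's attention; the lone failure from 198.51.100.9 never reaches the threshold and is left in the store for later querying rather than alerted on.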