A system that collects and correlates log and event data across an organization to detect and investigate security incidents.
A SIEM aggregates logs and events from systems, applications, and security tools into one place, then correlates them to spot patterns that signal an attack. It supports real-time alerting and after-the-fact investigation.
By centralizing data and applying detection rules, a SIEM gives security teams visibility they would not get from individual systems and is often the core of a security operations center.
KaitoSec