What is Security Information and Event Management?

A platform that aggregates, normalizes, and correlates security event data from across an organization's infrastructure to support threat detection, incident investigation, and compliance reporting. SIEMs apply detection rules and behavioral analytics to identify attacks in progress and provide the audit trail needed for incident forensics and regulatory requirements. Modern SIEMs increasingly incorporate user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR) capabilities.

Related terms