Cybersecurity

Security Information and Event Management

Acronym : SIEM

A SIEM centralizes and correlates event logs across the entire information system to detect attack patterns invisible when looking at any single source alone.

Why it matters

Without centralized correlation, an attack spread across several systems (firewall, server, workstation) often goes unnoticed until the damage becomes visible.

Concrete example

A company's SIEM correlates failed VPN login attempts with unusual activity on a file server to trigger a single consolidated alert.

Related notions

Log managementEvent correlationSecurity monitoring

Assess your organization's maturity on this topic

Start the diagnostic
Back to glossary