SIEM stands for Security Information and Event Management. A SIEM is a software product that can be installed centrally or used as a cloud service. As the name suggests, it collects, processes, presents and analyses security information and incidents of all kinds. It helps to identify known vulnerabilities in software products, and by applying anomaly detection and machine learning it can surface incidents that would otherwise be lost in the noise of the data.
A SIEM draws its intelligence from log files and events of all kinds: those of operating systems, endpoint protection software, databases and other applications, firewalls, routers, wireless access points and so on. The results are usually displayed in real time.
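The two paragraphs above describe what a SIEM does with its inputs: normalise events from unrelated sources into one schema and correlate them so that a pattern invisible in any single feed stands out. The following is an added example, not code from the original article or from any SIEM product: a miniature correlation engine that parses constructed sshd and firewall log lines into a common event record, then runs a windowed rule that flags a burst of failed logins followed by a success from the same address and enriches the alert with firewall context. The log formats, field names, thresholds and the 60-second window are assumptions made for the example.

```python
"""Added example (not part of the original article): a tiny SIEM-style
normalisation and correlation pipeline over constructed log lines."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample feeds (not real data). Year is assumed, as syslog omits it.
SYSLOG_LINES = [
    "Mar 10 12:00:01 host1 sshd[101]: Failed password for root from 203.0.113.7 port 5000 ssh2",
    "Mar 10 12:00:03 host1 sshd[102]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "Mar 10 12:00:05 host1 sshd[103]: Failed password for admin from 203.0.113.7 port 5002 ssh2",
    "Mar 10 12:00:07 host1 sshd[104]: Failed password for admin from 203.0.113.7 port 5003 ssh2",
    "Mar 10 12:00:09 host1 sshd[105]: pam_unix(sshd:auth): authentication failure; logname= uid=0",
    "Mar 10 12:00:15 host1 sshd[106]: Accepted password for admin from 203.0.113.7 port 5004 ssh2",
    "Mar 10 12:01:00 host1 sshd[107]: Failed password for root from 198.51.100.9 port 6000 ssh2",
    "Mar 10 12:01:02 host1 sshd[108]: Failed password for root from 198.51.100.9 port 6001 ssh2",
]
FIREWALL_LINES = [
    "2024-03-10T12:00:00Z fw1 action=DENY src=198.51.100.9 dst=10.0.0.5 dport=23",
    "2024-03-10T12:00:14Z fw1 action=ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
]


@dataclass(frozen=True)
class Event:
    """Common schema every feed is normalised into."""
    ts: datetime      # timezone-aware UTC timestamp
    source: str       # feed that produced the event
    kind: str         # "auth" or "netflow"
    src_ip: str
    outcome: str      # "failure" / "success" / "allow" / "deny"


# Assumed line layouts for the two constructed feeds.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<verb>Failed password|Accepted password) for \S+ from (?P<ip>[\d.]+)"
)
FW_RE = re.compile(r"^(?P<ts>\S+) \S+ action=(?P<action>ALLOW|DENY) src=(?P<ip>[\d.]+)")


def parse_syslog(line: str, year: int = 2024) -> Optional[Event]:
    """Turn an sshd syslog line into an auth Event; unrelated lines yield None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    outcome = "success" if m["verb"].startswith("Accepted") else "failure"
    return Event(ts, "sshd", "auth", m["ip"], outcome)


def parse_firewall(line: str) -> Optional[Event]:
    """Turn a firewall key=value line into a netflow Event."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return Event(ts, "firewall", "netflow", m["ip"], m["action"].lower())


def normalise(syslog_lines, firewall_lines) -> list:
    """Merge both feeds into one time-ordered event stream."""
    events = [e for e in map(parse_syslog, syslog_lines) if e]
    events += [e for e in map(parse_firewall, firewall_lines) if e]
    return sorted(events, key=lambda e: e.ts)


def detect_bruteforce(events, window=timedelta(seconds=60), threshold=4) -> list:
    """Alert when at least `threshold` auth failures from one IP inside `window`
    are followed by a successful login from that IP. Firewall events for the
    same IP are counted onto the alert as supporting context."""
    fw_hits = Counter(e.src_ip for e in events if e.kind == "netflow")
    by_ip = defaultdict(list)
    for e in events:                      # events are already time-ordered
        if e.kind == "auth":
            by_ip[e.src_ip].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        recent = []                       # failures still inside the window
        for e in evs:
            recent = [f for f in recent if e.ts - f.ts <= window]
            if e.outcome == "failure":
                recent.append(e)
            elif e.outcome == "success" and len(recent) >= threshold:
                alerts.append({
                    "src_ip": ip,
                    "failures": len(recent),
                    "first_failure": recent[0].ts.isoformat(),
                    "success_at": e.ts.isoformat(),
                    "firewall_hits": fw_hits[ip],
                })
                recent = []               # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(normalise(SYSLOG_LINES, FIREWALL_LINES)):
        print(alert)
```

Run stand-alone, the script reports one alert for 203.0.113.7 (four failures, then a success, with one matching firewall record); the two failures from 198.51.100.9 and the unrelated pam_unix line stay below the threshold and produce nothing, which is the noise-versus-signal separation the text describes.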
Here is a screenshot of Microsoft’s SIEM “Sentinel” in its graphical incident view. As one would expect, Sentinel is at its strongest in Microsoft environments, but it also works in heterogeneous and hybrid environments.