Security Information and Event Management (SIEM) Concepts

Cyber Security Mastery: From Zero to Hero

SIEM: Centralized Security Intelligence

Systems, networks, firewalls, and applications all generate thousands of log entries every second. No human analyst can monitor this volume of data by reading raw logs.

A SIEM (Security Information and Event Management) system centralizes, correlates, and analyzes security data from multiple sources to provide a unified view of the security posture.

SIEM Functions

  1. Aggregation: Collects logs from all sources (servers, network devices, applications) into one place.
  2. Normalization: Translates diverse log formats into a common format.
  3. Correlation: Uses rules to link seemingly unrelated events to identify a security incident (e.g., 'Failed login on server A followed by successful login on server B using the same username').
  4. Alerting: Generates high-priority alerts for security analysts.
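
The normalization and correlation steps above, as a small added example that is not part of the course material: two constructed log formats (an sshd-style line and a Windows-style logon event line, both invented here, not real product output) are normalized into one schema, and a correlation rule raises an alert when a username fails to log in repeatedly on one host and then succeeds on a different host. The failure threshold generalizes the single-failure case in the list; the host names, usernames and log lines are all constructed.

```python
import re
from collections import defaultdict

# Constructed log formats. A real SIEM parser would handle many more fields.
SSH_RE = re.compile(r"^(?P<host>\S+) sshd: (?P<status>Failed|Accepted) password for (?P<user>\S+)")
WIN_RE = re.compile(r"^(?P<host>\S+) EventID=(?P<eid>4624|4625) User=(?P<user>\S+)")

def normalize(line):
    """Normalization: map a raw line to {host, user, outcome}, or None if unknown."""
    m = SSH_RE.match(line)
    if m:
        return {"host": m["host"], "user": m["user"],
                "outcome": "success" if m["status"] == "Accepted" else "failure"}
    m = WIN_RE.match(line)
    if m:  # 4624 = logon succeeded, 4625 = logon failed
        return {"host": m["host"], "user": m["user"],
                "outcome": "success" if m["eid"] == "4624" else "failure"}
    return None  # unrecognized format: indexed unparsed, not correlated

def correlate(lines, min_failures=3):
    """Correlation rule: >= min_failures failed logins for a user on one host,
    followed by a successful login for the same user on a different host."""
    counts = defaultdict(int)      # (user, host) -> failed login count
    flagged = defaultdict(set)     # user -> hosts that crossed the threshold
    alerts = []
    for ev in filter(None, map(normalize, lines)):
        user, host = ev["user"], ev["host"]
        if ev["outcome"] == "failure":
            counts[(user, host)] += 1
            if counts[(user, host)] >= min_failures:
                flagged[user].add(host)
        elif flagged[user] - {host}:  # success elsewhere after failures
            alerts.append(f"HIGH: {user} failed {min_failures}+ logins on "
                          f"{sorted(flagged[user] - {host})}, then succeeded on {host}")
    return alerts

SAMPLE_LOGS = [  # constructed sample input, in arrival order
    "srv-a sshd: Failed password for alice from 10.0.0.5 port 22",
    "srv-a sshd: Failed password for alice from 10.0.0.5 port 22",
    "srv-a sshd: Failed password for bob from 10.0.0.9 port 22",
    "srv-a sshd: Failed password for alice from 10.0.0.5 port 22",
    "srv-a sshd: Accepted password for bob from 10.0.0.9 port 22",
    "srv-c sshd: Failed password for carol from 10.0.0.7 port 22",
    "srv-d EventID=4624 User=carol",
    "srv-b EventID=4624 User=alice",
    "unparseable line from an unknown device",
]

for alert in correlate(SAMPLE_LOGS):
    print(alert)
```

With the default threshold only alice's pattern is alerted on; lowering `min_failures` to 1 also flags carol, which shows why thresholds are tuned per environment to control false positives.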

Example Tools: Splunk, ELK Stack (Elasticsearch, Logstash, Kibana), Microsoft Sentinel.