class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/SIEM" title="SIEM – Ukrainian" lang="uk" hreflang="uk" data-title="SIEM" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q3493999#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Security_information_and_event_management" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Security_information_and_event_management" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div 
class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Security_information_and_event_management"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header 
vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Security_information_and_event_management"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Security_information_and_event_management" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" 
class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Security_information_and_event_management" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&oldid=1276057973" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Security_information_and_event_management&id=1276057973&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecurity_information_and_event_management"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecurity_information_and_event_management"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Security_information_and_event_management&action=show-download-screen" title="Download this page as a PDF file"><span>Download as 
PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Security_information_and_event_management&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q3493999" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> 
</div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Computer security</div><p><b>Security information and event management (SIEM)</b> is a field within <a href="/wiki/Computer_security" title="Computer security">computer security</a> that combines <a href="/wiki/Security_information_management" title="Security information management">security information management</a> (SIM) and <a href="/wiki/Security_event_management" title="Security event management">security event management</a> (SEM) to enable real-time analysis of security alerts generated by applications and network hardware.<sup id="cite_ref-WIS_1_1-0" class="reference"><a href="#cite_note-WIS_1-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-GSF_1_2-0" class="reference"><a href="#cite_note-GSF_1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> SIEM systems are central to <a href="/wiki/Security_operations_center" title="Security operations center">security operations centers</a> (SOCs), where they are employed to detect, investigate, and respond to security incidents.<sup id="cite_ref-3" class="reference"><a href="#cite_note-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> SIEM technology collects and aggregates data from various systems, allowing organizations to meet compliance requirements while safeguarding against <a href="/wiki/Cyberattack" 
title="Cyberattack">threats</a>. The National Institute of Standards and Technology (NIST) defines a SIEM tool as an application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> </p><p>SIEM tools can be implemented as software, hardware, or managed services.<sup id="cite_ref-drdobbs2007_5-0" class="reference"><a href="#cite_note-drdobbs2007-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> SIEM systems log security events and generate reports to meet regulatory frameworks such as the <a href="/wiki/Health_Insurance_Portability_and_Accountability_Act" title="Health Insurance Portability and Accountability Act">Health Insurance Portability and Accountability Act</a> (HIPAA) and the <a href="/wiki/Payment_Card_Industry_Data_Security_Standard" title="Payment Card Industry Data Security Standard">Payment Card Industry Data Security Standard</a> (PCI DSS). The integration of SIM and SEM within SIEM provides organizations with a centralized approach for monitoring security events and responding to threats in real time. </p><p>First introduced by <a href="/wiki/Gartner" title="Gartner">Gartner</a> analysts Mark Nicolett and Amrit Williams in 2005, the term SIEM has evolved to incorporate advanced features such as threat intelligence and behavioral analytics, which help SIEM solutions detect and investigate complex cybersecurity threats that fixed signatures alone may miss, including exploitation of <a href="/wiki/Zero-day_vulnerability" title="Zero-day vulnerability">zero-day vulnerabilities</a> and <a href="/wiki/Polymorphic_code" title="Polymorphic code">polymorphic malware</a>. </p><p>In recent years, SIEM has become increasingly incorporated into national cybersecurity initiatives. For instance, Executive Order 14028 signed in 2021 by U.S. 
President Joseph Biden establishes logging and incident-detection requirements for federal systems that are commonly met with SIEM technologies. Compliance with these mandates is further reinforced by frameworks such as NIST SP 800-92, which outlines best practices for managing computer security logs.<sup id="cite_ref-GSF_1_2-1" class="reference"><a href="#cite_note-GSF_1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p><p>Modern SIEM platforms aggregate and normalize data not only from various <a href="/wiki/Information_technology" title="Information technology">Information Technology (IT)</a> sources, but also from production and manufacturing <a href="/wiki/Operational_technology" title="Operational technology">Operational Technology (OT)</a> environments. </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=1" title="Edit section: History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Initially, <a href="/wiki/Logging_(computing)" title="Logging (computing)">system logging</a> was primarily used for troubleshooting and debugging. However, as operating systems and networks have grown more complex, so has the generation of system logs. The monitoring of system logs has also become increasingly common due to the rise of sophisticated <a href="/wiki/Cyberattack" title="Cyberattack">cyberattacks</a> and the need for compliance with regulatory frameworks, which mandate logging <a href="/wiki/Security_controls" title="Security controls">security controls</a> within <a href="/wiki/Risk_Management_Framework" title="Risk Management Framework">risk management frameworks</a> (RMF). 
</p><p>Starting in the late 1970s, working groups began establishing criteria for managing auditing and monitoring programs, laying the groundwork for modern cybersecurity practices, such as insider threat detection and incident response. A key publication during this period was NIST’s Special Publication 500-19.<sup id="cite_ref-AE_1_6-0" class="reference"><a href="#cite_note-AE_1-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p><p>In 2005, the term "SIEM" (Security Information and Event Management) was introduced by Gartner analysts Mark Nicolett and Amrit Williams. SIEM systems provide a single interface for gathering security data from information systems and presenting it as actionable intelligence.<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a> provides the following definition of SIEM: "Application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface."<sup id="cite_ref-GSF_1_2-2" class="reference"><a href="#cite_note-GSF_1-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> In addition, NIST has designed and implemented a federally mandated RMF. </p><p>With the implementation of RMFs globally, auditing and monitoring have become central to <a href="/wiki/Information_assurance" title="Information assurance">information assurance</a> and security. Cybersecurity professionals now rely on logging data to perform real-time security functions, driven by governance models that incorporate these processes into analytical tasks. 
As information assurance matured in the late 1990s and into the 2000s, the need to centralize system logs became apparent. Centralized log management allows for easier oversight and coordination across networked systems, and it keeps a copy of each log off the host that produced it, where an attacker who compromises that host could otherwise alter or delete the evidence of the intrusion. </p><p>On May 17, 2021, U.S. President Joseph Biden signed Executive Order 14028, "Improving the Nation's Cybersecurity," which established further logging requirements, including audit logging and endpoint protection, to enhance incident response capabilities.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> This order was a response to an increase in <a href="/wiki/Ransomware" title="Ransomware">ransomware</a> attacks targeting critical infrastructure. By reinforcing information assurance controls within RMFs, the order aimed to drive compliance and secure funding for cybersecurity initiatives. </p> <div class="mw-heading mw-heading2"><h2 id="Information_assurance">Information assurance</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=2" title="Edit section: Information assurance"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Published in September 2006, the NIST SP 800-92 Guide to Computer Security Log Management serves as a key document within the <a href="/wiki/Risk_Management_Framework" title="Risk Management Framework">NIST Risk Management Framework</a> to guide what should be auditable. 
As indicated by the absence of the term "SIEM", the document was released before the widespread adoption of SIEM technologies.<sup id="cite_ref-GCLM_1_9-0" class="reference"><a href="#cite_note-GCLM_1-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-Computer_Security_Division_10-0" class="reference"><a href="#cite_note-Computer_Security_Division-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> Although the guide is not exhaustive due to rapid changes in technology since its publication, it remains relevant by anticipating industry growth. NIST is not the only source of guidance on regulatory mechanisms for auditing and monitoring, and many organizations are encouraged to adopt SIEM solutions rather than relying solely on host-based checks. </p><p>Several regulations and standards reference NIST’s logging guidance, including the Federal Information Security Management Act (FISMA),<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> Gramm-Leach-Bliley Act (GLBA),<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> Health Insurance Portability and Accountability Act (HIPAA),<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> Sarbanes-Oxley Act (SOX) of 2002,<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> Payment Card Industry Data Security Standard (PCI DSS),<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> and ISO 27001.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span 
class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> Public and private organizations frequently reference NIST documents in their security policies. </p><p>NIST SP 800-53 AU-2 Event Logging (titled Audit Events in Revision 4) is a key security control that supports system auditing and ensures continuous monitoring for information assurance and cybersecurity operations. SIEM solutions are typically employed as central tools for these efforts. Federal systems categorized based on their impact on confidentiality, integrity, and availability (CIA) have five specific logging requirements (AU-2 a-e) that must be met.<sup id="cite_ref-RM_1_17-0" class="reference"><a href="#cite_note-RM_1-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> While logging every action is possible, it is generally not recommended due to the volume of logs and the need for actionable security data; the events that are selected must nonetheless cover what investigators will later need to reconstruct an incident. AU-2 provides a foundation for organizations to build a logging strategy that aligns with other controls. </p><p>NIST SP 800-53 SI-4 System Monitoring outlines the requirements for monitoring systems, including detecting unauthorized access and tracking anomalies, malware, and potential attacks. This security control specifies both the hardware and software requirements for detecting suspicious activities.<sup id="cite_ref-:1_18-0" class="reference"><a href="#cite_note-:1-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> Similarly, NIST SP 800-53 RA-10 Threat Hunting, added in Revision 5, emphasizes proactive network defense by identifying threats that evade traditional controls. 
SIEM solutions play a critical role in aggregating security information for threat hunting teams.<sup id="cite_ref-SPC_1_19-0" class="reference"><a href="#cite_note-SPC_1-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup> </p><p>Together, AU-2, SI-4, and RA-10 demonstrate how NIST controls integrate into a comprehensive security strategy. These controls, supported by SIEM solutions, help ensure continuous monitoring, risk assessments, and defense-in-depth mechanisms across federal and private networks.<sup id="cite_ref-SPC_1_19-1" class="reference"><a href="#cite_note-SPC_1-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Terminology">Terminology</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=3" title="Edit section: Terminology"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The acronyms <i>SEM</i>, <i>SIM</i> and <i>SIEM</i> have sometimes been used interchangeably,<sup id="cite_ref-Generic_20-0" class="reference"><a href="#cite_note-Generic-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> but generally refer to the different primary focus of products: </p> <ul><li><i><a href="/wiki/Log_management" title="Log management">Log management</a></i>: Focus on simple collection and storage of <a href="/wiki/Data_logging" class="mw-redirect" title="Data logging">log messages</a> and <a href="/wiki/Audit_trail" title="Audit trail">audit trails</a>.<sup id="cite_ref-GCLM_1_9-1" class="reference"><a href="#cite_note-GCLM_1-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup></li> <li><i>Security information management</i> (<a href="/wiki/Security_information_management" title="Security information management">SIM</a>): Long-term 
storage as well as analysis and reporting of log data.<sup id="cite_ref-r1_21-0" class="reference"><a href="#cite_note-r1-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup></li> <li><i>Security event manager</i> (<a href="/wiki/Security_event_manager" class="mw-redirect" title="Security event manager">SEM</a>): Real-time monitoring, correlation of events, notifications and console views.</li> <li><i>Security information and event management</i> (SIEM): Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.<sup id="cite_ref-drdobbs2007_5-1" class="reference"><a href="#cite_note-drdobbs2007-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup><sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="blog (January 2024)">citation needed</span></a></i>]</sup></li> <li><i>Managed Security Service</i> (<a href="/wiki/Managed_security_service" title="Managed security service">MSS</a>) or <i>Managed Security Service Provider</i> (MSSP): The most common managed services revolve around connectivity and bandwidth, network monitoring, security, <a href="/wiki/Virtualization" title="Virtualization">virtualization</a>, and disaster recovery.</li> <li><i>Security as a service (<a href="/wiki/SECaaS" class="mw-redirect" title="SECaaS">SECaaS</a>)</i>: These security services often include <a href="/wiki/Authentication" title="Authentication">authentication</a>, <a href="/wiki/Anti-virus" class="mw-redirect" title="Anti-virus">anti-virus</a>, <a href="/wiki/Anti-malware" class="mw-redirect" title="Anti-malware">anti-malware</a>/spyware, <a href="/wiki/Intrusion_detection" class="mw-redirect" title="Intrusion detection">intrusion detection</a>, penetration testing and security event management, among others.</li></ul> <p>In 
practice many products in this area will have a mix of these functions, so there will often be some overlap – and many commercial vendors also promote their own terminology.<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup> Commercial vendors often provide different combinations of these functionalities. Log management alone does not provide real-time insight into network security, while SEM on its own does not retain the complete historical data needed for deep threat analysis; combining the two gives a SIEM both real-time visibility and the stored data required to investigate what it detects. </p><p>A key focus is to monitor and help manage user and service privileges, <a href="/wiki/Directory_services" class="mw-redirect" title="Directory services">directory services</a> and other<sup class="noprint Inline-Template" style="margin-left:0.1em; white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Please_clarify" title="Wikipedia:Please clarify"><span title="The text near this tag may need clarification or removal of jargon. 
(March 2016)">clarification needed</span></a></i>]</sup> system-configuration changes; as well as providing log auditing and review and incident response.<sup id="cite_ref-r1_21-1" class="reference"><a href="#cite_note-r1-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Capabilities">Capabilities</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=4" title="Edit section: Capabilities"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><b>Data aggregation:</b> <a href="/wiki/Log_management" title="Log management">Log management</a> aggregates data from many sources, including networks, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.</li> <li><b>Correlation:</b> Looks for common attributes and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. 
Correlation is typically a function of the Security Event Management portion of a full SIEM solution.<sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup></li> <li><b>Alerting:</b> The automated analysis of correlated events.</li> <li><b>Dashboards:</b> Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.</li> <li><b>Compliance:</b> Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.<sup id="cite_ref-accelops.net_24-0" class="reference"><a href="#cite_note-accelops.net-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup></li> <li><b>Retention:</b> Employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. The Long term log <a href="/wiki/Data_retention" title="Data retention">data retention</a> is critical in forensic investigations as it is unlikely that the discovery of a network breach will be at the time of the breach occurring.<sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup></li> <li><b>Forensic analysis:</b> The ability to search across logs on different nodes and time periods based on specific criteria. 
This removes the need to correlate log entries manually or to search through thousands of individual logs by hand.
The essential components of a SIEM are as follows:<sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> </p> <ul><li>A data collector forwards selected audit logs from a host (agent based or host based log streaming into index and aggregation point) <sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:4_28-0" class="reference"><a href="#cite_note-:4-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup></li> <li>An ingest and indexing point aggregation point for parsing, correlation, and <a href="/wiki/Data_normalization" class="mw-redirect" title="Data normalization">data normalization</a><sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup></li> <li>A search node that is used for visualization, queries, reports, and alerts (analysis take place on a search node) <sup id="cite_ref-30" class="reference"><a href="#cite_note-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup></li></ul> <p>A basic SIEM infrastructure is depicted in the image to the right. 
</p> <div class="mw-heading mw-heading2"><h2 id="Use_cases">Use cases</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=6" title="Edit section: Use cases"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Computer security researcher <a href="/wiki/Chris_Kubecka" title="Chris Kubecka">Chris Kubecka</a> identified the following SIEM use cases, presented at the hacking conference 28C3 (<a href="/wiki/Chaos_Communication_Congress" title="Chaos Communication Congress">Chaos Communication Congress</a>).<sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> </p> <ul><li>SIEM visibility and anomaly detection could help detect <a href="/wiki/Zero-day_(computing)" class="mw-redirect" title="Zero-day (computing)">zero-days</a> or <a href="/wiki/Computer_virus#Polymorphic_code" title="Computer virus">polymorphic code</a>. Primarily due to low rates of <a href="/wiki/Anti-virus" class="mw-redirect" title="Anti-virus">anti-virus</a> detection against this type of rapidly changing malware.</li> <li>Parsing, log normalization and categorization can occur automatically, regardless of the type of computer or network device, as long as it can send a log.</li> <li>Visualization with a SIEM using security events and log failures can aid in pattern detection.</li> <li>Protocol anomalies that can indicate a misconfiguration or a security issue can be identified with a SIEM using pattern detection, alerting, baseline and dashboards.</li> <li>SIEMS can detect covert, malicious communications and encrypted channels.</li> <li><a href="/wiki/Cyberwarfare" title="Cyberwarfare">Cyberwarfare</a> can be detected by SIEMs with accuracy, discovering both attackers and victims.</li></ul> <p>Modern SIEM platforms support not only detection, but response too. 
The response can be manual or automated, including AI-assisted response. As an example, one vendor markets its <a rel="nofollow" class="external text" href="https://www.sentinelone.com/cybersecurity-101/data-and-ai/siem-use-cases/">Singularity™ AI SIEM</a> with automated response capabilities such as quarantining files classified as malicious, terminating processes judged harmful, and rolling back changes attributed to the threat. Automated response acts on the detection's verdict, so a false positive can itself cause an outage by quarantining a legitimate file or killing a production process; such actions are normally restricted to high-confidence detections or placed behind an analyst approval step. </p>
</p> <div class="mw-heading mw-heading3"><h3 id="Impossible_Travel">Impossible Travel</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=9" title="Edit section: Impossible Travel"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>When a user logs in to a system, generally speaking, it creates a timestamp of the event. Alongside the time, the system may often record other useful information such as the device used, physical location, IP address, incorrect login attempts, etc. The more data is collected the more use can be gathered from it. For impossible travel, the system looks at the current and last login date/time and the difference between the recorded distances. If it deems it's not possible for this to happen, for example traveling hundreds of miles within a minute, then it will set off a warning. </p><p>Many employees and users are now using VPN services which may obscure physical location. This should be taken into consideration when setting up such a rule. </p> <div class="mw-heading mw-heading3"><h3 id="Excessive_File_Copying">Excessive File Copying</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=10" title="Edit section: Excessive File Copying"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The average user does not typically copy or move files on the system repeatedly. Thus, any excessive file copying on a system could be attributed to an attacker wanting to cause harm to an organization. Unfortunately, it's not as simple as stating someone has gained access to your network illegally and wants to steal confidential information. 
It could also be an employee looking to sell company information, or they could just want to take home some files for the weekend. </p> <div class="mw-heading mw-heading3"><h3 id="Network_Anomaly_Detection">Network Anomaly Detection</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=11" title="Edit section: Network Anomaly Detection"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Monitoring network traffic against unusual patterns that includes any threats or attacks ranging from DDOS to network scans. Note SIEM can monitor data flow in the network and to detect and prevent potential data exfiltration efforts. In general dedicated <a href="/wiki/Data_loss_prevention_software" title="Data loss prevention software">Data loss prevention (DLP)</a> take care about data loss prevention. </p> <div class="mw-heading mw-heading3"><h3 id="DDoS_Attack">DDoS Attack</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=12" title="Edit section: DDoS Attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>A DDoS (Distributed Denial of Service) Attack could cause significant damage to a company or organization. A DDoS attack can not only take a website offline, it can also make a system weaker. With suitable correlation rules in place, a SIEM should trigger an alert at the start of the attack so that the company can take the necessary precautionary measures to protect vital systems. 
</p> <div class="mw-heading mw-heading3"><h3 id="File_Integrity_Change">File Integrity Change</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=13" title="Edit section: File Integrity Change"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>File Integrity and Change Monitoring (FIM) is the process of monitoring the files on your system. Unexpected changes in your system files will trigger an alert as it's a likely indication of a cyber attack. </p> <div class="mw-heading mw-heading2"><h2 id="Alerting_examples">Alerting examples</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=14" title="Edit section: Alerting examples"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Some examples of customized rules to alert on event conditions involve user authentication rules, attacks detected and infections detected.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup> </p> <table class="wikitable"> <tbody><tr> <th>Rule</th> <th>Goal</th> <th>Trigger</th> <th>Event Sources </th></tr> <tr> <td>Repeat Attack-Login Source</td> <td>Early warning for brute force attacks, password guessing, and misconfigured applications.</td> <td>Alert on 3 or more failed logins in 1 minute from a single host.</td> <td>Active Directory, Syslog (Unix Hosts, Switches, Routers, VPN), RADIUS, TACACS, Monitored Applications. </td></tr> <tr> <td>Repeat Attack-Firewall</td> <td>Early warning for scans, worm propagation, etc.</td> <td>Alert on 15 or more Firewall Drop/Reject/Deny Events from a single IP Address in one minute. </td> <td>Firewalls, Routers and Switches. 
</td></tr> <tr> <td>Repeat Attack-Network Intrusion Prevention System</td> <td>Early warning for scans, worm propagation, etc.</td> <td>Alert on 7 or more IDS Alerts from a single IP Address in one minute</td> <td>Network Intrusion Detection and Prevention Devices </td></tr> <tr> <td>Repeat Attack-Host Intrusion Prevention System</td> <td>Find hosts that may be infected or compromised<br />(exhibiting infection behaviors)</td> <td>Alert on 3 or more events from a single IP Address in 10 minutes</td> <td>Host Intrusion Prevention System Alerts </td></tr> <tr> <td>Virus Detection/Removal</td> <td>Alert when a virus, spyware or other malware is detected on a host</td> <td>Alert when a single host sees an identifiable piece of malware</td> <td>Anti-Virus, HIPS, Network/System Behavioral Anomaly Detectors </td></tr> <tr> <td>Virus or Spyware Detected but Failed to Clean</td> <td>Alert when >1 Hour has passed since malware was detected, on a source, with no corresponding virus successfully removed</td> <td>Alert when a single host fails to auto-clean malware within 1 hour of detection</td> <td>Firewall, NIPS, Anti-Virus, HIPS, Failed Login Events </td></tr></tbody></table> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=15" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Computer_security_incident_management" title="Computer security incident management">Computer security incident management</a></li> <li><a href="/wiki/Gordon%E2%80%93Loeb_model" title="Gordon–Loeb model">Gordon–Loeb model</a> for cyber security investments</li> <li><a href="/wiki/IT_risk" title="IT risk">IT risk</a></li> <li><a href="/wiki/Log_management" title="Log management">Log management</a></li> <li><a 
href="/wiki/Extended_detection_and_response" title="Extended detection and response">Extended detection and response (XDR)</a></li> <li><a href="/wiki/Endpoint_detection_and_response" title="Endpoint detection and response">Endpoint detection and response (EDR)</a></li> <li><a href="/wiki/Network_detection_and_response" title="Network detection and response">Network detection and response (NDR)</a></li> <li><a href="/wiki/Security_orchestration" title="Security orchestration">Security orchestration</a>, automation and response</li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=16" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist reflist-columns references-column-width reflist-columns-2"> <ol class="references"> <li id="cite_note-WIS_1-1"><span class="mw-cite-backlink"><b><a 
href="#cite_ref-WIS_1_1-0">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output 
.cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ibm.com/topics/siem">"What is SIEM"</a>. <a href="/wiki/IBM" title="IBM">IBM</a>. 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">25 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+SIEM&rft.pub=IBM&rft.date=2024&rft_id=https%3A%2F%2Fwww.ibm.com%2Ftopics%2Fsiem&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-GSF_1-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-GSF_1_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-GSF_1_2-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-GSF_1_2-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJohnsonDempseyRossGupta2019" class="citation web cs1">Johnson, Arnold; Dempsey, Kelley; Ross, Ron; Gupta, Sarbari; Bailey, Dennis (10 October 2019). <a rel="nofollow" class="external text" href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-128.pdf">"Guide for Security-Focused Configuration Management of Information Systems"</a> <span class="cs1-format">(PDF)</span>. <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2Fnist.sp.800-128">10.6028/nist.sp.800-128</a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:63907907">63907907</a><span class="reference-accessdate">. Retrieved <span class="nowrap">23 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Guide+for+Security-Focused+Configuration+Management+of+Information+Systems&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2019-10-10&rft_id=info%3Adoi%2F10.6028%2Fnist.sp.800-128&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A63907907%23id-name%3DS2CID&rft.aulast=Johnson&rft.aufirst=Arnold&rft.au=Dempsey%2C+Kelley&rft.au=Ross%2C+Ron&rft.au=Gupta%2C+Sarbari&rft.au=Bailey%2C+Dennis&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-128.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-3">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCinqueCotroneoPecchia2018" class="citation book cs1">Cinque, Marcello; Cotroneo, Domenico; Pecchia, Antonio (2018). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/8539170"><i>Challenges and Directions in Security Information and Event Management (SIEM)</i></a>. pp. <span class="nowrap">95–</span>99. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FISSREW.2018.00-24">10.1109/ISSREW.2018.00-24</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-5386-9443-5" title="Special:BookSources/978-1-5386-9443-5"><bdi>978-1-5386-9443-5</bdi></a><span class="reference-accessdate">. Retrieved <span class="nowrap">2024-02-02</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Challenges+and+Directions+in+Security+Information+and+Event+Management+%28SIEM%29&rft.pages=%3Cspan+class%3D%22nowrap%22%3E95-%3C%2Fspan%3E99&rft.date=2018&rft_id=info%3Adoi%2F10.1109%2FISSREW.2018.00-24&rft.isbn=978-1-5386-9443-5&rft.aulast=Cinque&rft.aufirst=Marcello&rft.au=Cotroneo%2C+Domenico&rft.au=Pecchia%2C+Antonio&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F8539170&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool">"Security Information and Event Management (SIEM) Tool"</a>. <a href="/wiki/NIST" class="mw-redirect" title="NIST">NIST</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">25 January</span> 2025</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Security+Information+and+Event+Management+%28SIEM%29+Tool&rft.pub=NIST&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fglossary%2Fterm%2Fsecurity_information_and_event_management_tool&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-drdobbs2007-5"><span class="mw-cite-backlink">^ <a href="#cite_ref-drdobbs2007_5-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-drdobbs2007_5-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.drdobbs.com/197002909">"SIEM: A Market Snapshot"</a>. Dr.Dobb's Journal. 5 February 2007.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SIEM%3A+A+Market+Snapshot&rft.pub=Dr.Dobb%27s+Journal&rft.date=2007-02-05&rft_id=http%3A%2F%2Fwww.drdobbs.com%2F197002909&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-AE_1-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-AE_1_6-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRuthbergMcKenzie1977" class="citation book cs1">Ruthberg, Zella; McKenzie, Robert (1 October 1977). <a rel="nofollow" class="external text" href="https://play.google.com/store/books/details/Audit_and_Evaluation_of_Computer_Security_Proceedi?id=uL9MQ-bXe0QC&gl=US"><i>Audit and evaluation of computer security</i></a>. <a href="/wiki/U.S._Department_of_Commerce" class="mw-redirect" title="U.S. Department of Commerce">U.S. 
Department of Commerce</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNBS.SP.500-19">10.6028/NBS.SP.500-19</a><span class="reference-accessdate">. Retrieved <span class="nowrap">23 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Audit+and+evaluation+of+computer+security&rft.pub=U.S.+Department+of+Commerce&rft.date=1977-10-01&rft_id=info%3Adoi%2F10.6028%2FNBS.SP.500-19&rft.aulast=Ruthberg&rft.aufirst=Zella&rft.au=McKenzie%2C+Robert&rft_id=https%3A%2F%2Fplay.google.com%2Fstore%2Fbooks%2Fdetails%2FAudit_and_Evaluation_of_Computer_Security_Proceedi%3Fid%3DuL9MQ-bXe0QC%26gl%3DUS&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWilliams2005" class="citation web cs1">Williams, Amrit (2005-05-02). <a rel="nofollow" class="external text" href="https://www.gartner.com/doc/480703/improve-it-security-vulnerability-management">"Improve IT Security With Vulnerability Management"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2016-04-09</span></span>. 
<q>Security information and event management (SIEM)</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Improve+IT+Security+With+Vulnerability+Management&rft.date=2005-05-02&rft.aulast=Williams&rft.aufirst=Amrit&rft_id=https%3A%2F%2Fwww.gartner.com%2Fdoc%2F480703%2Fimprove-it-security-vulnerability-management&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity">"Improving the Nation's Cybersecurity"</a>. <i>Federal Register</i>. 2021-05-17<span class="reference-accessdate">. Retrieved <span class="nowrap">2021-07-28</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Federal+Register&rft.atitle=Improving+the+Nation%27s+Cybersecurity&rft.date=2021-05-17&rft_id=https%3A%2F%2Fwww.federalregister.gov%2Fdocuments%2F2021%2F05%2F17%2F2021-10460%2Fimproving-the-nations-cybersecurity&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-GCLM_1-9"><span class="mw-cite-backlink">^ <a href="#cite_ref-GCLM_1_9-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-GCLM_1_9-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKentSouppaya2006" class="citation web cs1">Kent, Karen; Souppaya, Murugiah (13 September 2006). 
<a rel="nofollow" class="external text" href="https://csrc.nist.gov/pubs/sp/800/92/final">"Guide to Computer Security Log Management"</a>. <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNIST.SP.800-92">10.6028/NIST.SP.800-92</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:221183642">221183642</a><span class="reference-accessdate">. Retrieved <span class="nowrap">24 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Guide+to+Computer+Security+Log+Management&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2006-09-13&rft_id=info%3Adoi%2F10.6028%2FNIST.SP.800-92&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A221183642%23id-name%3DS2CID&rft.aulast=Kent&rft.aufirst=Karen&rft.au=Souppaya%2C+Murugiah&rft_id=https%3A%2F%2Fcsrc.nist.gov%2Fpubs%2Fsp%2F800%2F92%2Ffinal&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-Computer_Security_Division-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-Computer_Security_Division_10-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://csrc.nist.gov/Projects/Risk-Management">"NIST Risk Management Framework"</a>. 
<a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a>. 7 November 2024<span class="reference-accessdate">. Retrieved <span class="nowrap">25 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+Risk+Management+Framework&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2024-11-07&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FProjects%2FRisk-Management&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFComputer_Security_Division2016" class="citation web cs1">Computer Security Division, Information Technology Laboratory (2016-11-30). <a rel="nofollow" class="external text" href="https://csrc.nist.gov/Projects/Risk-Management">"NIST Risk Management Framework | CSRC | CSRC"</a>. <i>CSRC | NIST</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2021-07-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CSRC+%7C+NIST&rft.atitle=NIST+Risk+Management+Framework+%7C+CSRC+%7C+CSRC&rft.date=2016-11-30&rft.aulast=Computer+Security+Division&rft.aufirst=Information+Technology+Laboratory&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FProjects%2FRisk-Management&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/nist-framework">"Understanding the NIST cybersecurity framework"</a>. <i>Federal Trade Commission</i>. 2018-10-05<span class="reference-accessdate">. Retrieved <span class="nowrap">2021-07-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Federal+Trade+Commission&rft.atitle=Understanding+the+NIST+cybersecurity+framework&rft.date=2018-10-05&rft_id=https%3A%2F%2Fwww.ftc.gov%2Ftips-advice%2Fbusiness-center%2Fsmall-businesses%2Fcybersecurity%2Fnist-framework&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRights_(OCR)2009" class="citation web cs1">Rights (OCR), Office for Civil (2009-11-20). 
<a rel="nofollow" class="external text" href="https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html">"Summary of the HIPAA Security Rule"</a>. <i>HHS.gov</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2021-07-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=HHS.gov&rft.atitle=Summary+of+the+HIPAA+Security+Rule&rft.date=2009-11-20&rft.aulast=Rights+%28OCR%29&rft.aufirst=Office+for+Civil&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fhipaa%2Ffor-professionals%2Fsecurity%2Flaws-regulations%2Findex.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation journal cs1"><a rel="nofollow" class="external text" href="https://doi.org/10.48009%2F2_iis_2005_124-130">"The Role of Information Security in Sarbanes-Oxley Compliance"</a>. <i>Issues in Information Systems</i>. 2005. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.48009%2F2_iis_2005_124-130">10.48009/2_iis_2005_124-130</a></span>. 
<a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1529-7314">1529-7314</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Issues+in+Information+Systems&rft.atitle=The+Role+of+Information+Security+in+Sarbanes-Oxley+Compliance&rft.date=2005&rft_id=info%3Adoi%2F10.48009%2F2_iis_2005_124-130&rft.issn=1529-7314&rft_id=https%3A%2F%2Fdoi.org%2F10.48009%252F2_iis_2005_124-130&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.pcisecuritystandards.org/pdfs/Mapping-PCI-DSS-to-NIST-Framework.pdf?agreement=true&time=1627059974846">"Mapping PCI DSS v3_2_1 to the NIST Cybersecurity Framework v1_1"</a> <span class="cs1-format">(PDF)</span>. 
July 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Mapping+PCI+DSS+v3_2_1+to+the+NIST+Cybersecurity+Framework+v1_1&rft.date=2019-07&rft_id=https%3A%2F%2Fwww.pcisecuritystandards.org%2Fpdfs%2FMapping-PCI-DSS-to-NIST-Framework.pdf%3Fagreement%3Dtrue%26time%3D1627059974846&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/final/documents/sp800-53r5-to-iso-27001-mapping.docx">"NIST SP 800-53, Revision 5 Control Mappings to ISO/IEC 27001"</a>. 10 December 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+SP+800-53%2C+Revision+5+Control+Mappings+to+ISO%2FIEC+27001&rft.date=2020-12-10&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FCSRC%2Fmedia%2FPublications%2Fsp%2F800-53%2Frev-5%2Ffinal%2Fdocuments%2Fsp800-53r5-to-iso-27001-mapping.docx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-RM_1-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-RM_1_17-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf">"Risk Management Framework for Information Systems and Organizations"</a> <span class="cs1-format">(PDF)</span>. 
<a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a>. December 2018. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2Fnist.sp.800-37r2">10.6028/nist.sp.800-37r2</a><span class="reference-accessdate">. Retrieved <span class="nowrap">24 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Risk+Management+Framework+for+Information+Systems+and+Organizations&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2018-12&rft_id=info%3Adoi%2F10.6028%2Fnist.sp.800-37r2&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-37r2.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-:1-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-:1_18-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFComputer_Security_Division2016" class="citation web cs1">Computer Security Division, Information Technology Laboratory (2016-11-30). <a rel="nofollow" class="external text" href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">"Release Search - NIST Risk Management Framework | CSRC | CSRC"</a>. <i>CSRC | NIST</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2021-07-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CSRC+%7C+NIST&rft.atitle=Release+Search+-+NIST+Risk+Management+Framework+%7C+CSRC+%7C+CSRC&rft.date=2016-11-30&rft.aulast=Computer+Security+Division&rft.aufirst=Information+Technology+Laboratory&rft_id=https%3A%2F%2Fcsrc.nist.gov%2FProjects%2Frisk-management%2Fsp800-53-controls%2Frelease-search&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-SPC_1-19"><span class="mw-cite-backlink">^ <a href="#cite_ref-SPC_1_19-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-SPC_1_19-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf">"Security and Privacy Controls for Information Systems and Organizations"</a> <span class="cs1-format">(PDF)</span>. <a href="/wiki/National_Institute_of_Standards_and_Technology" title="National Institute of Standards and Technology">National Institute of Standards and Technology</a>. 12 October 2020. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.6028%2FNIST.SP.800-53r5">10.6028/NIST.SP.800-53r5</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">24 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Security+and+Privacy+Controls+for+Information+Systems+and+Organizations&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2020-10-12&rft_id=info%3Adoi%2F10.6028%2FNIST.SP.800-53r5&rft_id=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-53r5.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-Generic-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-Generic_20-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSwift2006" class="citation web cs1">Swift, David (26 December 2006). <a rel="nofollow" class="external text" href="http://www.sans.org/reading-room/whitepapers/logging/practical-application-sim-sem-siem-automating-threat-identification-1781">"A Practical Application of SIM/SEM/SIEM, Automating Threat Identification"</a> <span class="cs1-format">(PDF)</span>. <i>SANS Institute</i>. p. 3<span class="reference-accessdate">. Retrieved <span class="nowrap">14 May</span> 2014</span>. 
<q>...the acronym SIEM will be used generically to refer...</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SANS+Institute&rft.atitle=A+Practical+Application+of+SIM%2FSEM%2FSIEM%2C+Automating+Threat+Identification&rft.pages=3&rft.date=2006-12-26&rft.aulast=Swift&rft.aufirst=David&rft_id=http%3A%2F%2Fwww.sans.org%2Freading-room%2Fwhitepapers%2Flogging%2Fpractical-application-sim-sem-siem-automating-threat-identification-1781&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-r1-21"><span class="mw-cite-backlink">^ <a href="#cite_ref-r1_21-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-r1_21-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJamil,_Amir2010" class="citation web cs1">Jamil, Amir (29 March 2010). <a rel="nofollow" class="external text" href="http://www.gmdit.com/NewsView.aspx?ID=9IfB2Axzeew=">"The difference between SEM, SIM and SIEM"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+difference+between+SEM%2C+SIM+and+SIEM&rft.date=2010-03-29&rft.au=Jamil%2C+Amir&rft_id=http%3A%2F%2Fwww.gmdit.com%2FNewsView.aspx%3FID%3D9IfB2Axzeew%3D&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBhattManadhataZomlot2014" class="citation journal cs1">Bhatt, S.; Manadhata, P.K.; Zomlot, L. (2014). 
<a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/6924640">"The Operational Role of Security Information and Event Management Systems"</a>. <i>IEEE Security & Privacy</i>. <b>12</b> (5): <span class="nowrap">35–</span>41. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FMSP.2014.103">10.1109/MSP.2014.103</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:16419710">16419710</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Security+%26+Privacy&rft.atitle=The+Operational+Role+of+Security+Information+and+Event+Management+Systems&rft.volume=12&rft.issue=5&rft.pages=%3Cspan+class%3D%22nowrap%22%3E35-%3C%2Fspan%3E41&rft.date=2014&rft_id=info%3Adoi%2F10.1109%2FMSP.2014.103&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A16419710%23id-name%3DS2CID&rft.aulast=Bhatt&rft.aufirst=S.&rft.au=Manadhata%2C+P.K.&rft.au=Zomlot%2C+L.&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F6924640&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="http://securityinformationeventmanagement.com/security-event-management.php">Correlation</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141019131638/http://securityinformationeventmanagement.com/security-event-management.php">Archived</a> 2014-10-19 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a></span> </li> <li id="cite_note-accelops.net-24"><span class="mw-cite-backlink">^ <a 
href="#cite_ref-accelops.net_24-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-accelops.net_24-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20110723002943/http://www.accelops.net/blog/?p=149">"Compliance Management and Compliance Automation – How and How Efficient, Part 1"</a>. <i>accelops.net</i>. Archived from <a rel="nofollow" class="external text" href="http://www.accelops.net/blog/?p=149">the original</a> on 2011-07-23<span class="reference-accessdate">. Retrieved <span class="nowrap">2018-05-02</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=accelops.net&rft.atitle=Compliance+Management+and+Compliance+Automation+%E2%80%93+How+and+How+Efficient%2C+Part+1&rft_id=http%3A%2F%2Fwww.accelops.net%2Fblog%2F%3Fp%3D149&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.verizonbusiness.com/about/events/2012dbir/">"2018 Data Breach Investigations Report | Verizon Enterprise Solutions"</a>. <i>Verizon Enterprise Solutions</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-05-02</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Verizon+Enterprise+Solutions&rft.atitle=2018+Data+Breach+Investigations+Report+%7C+Verizon+Enterprise+Solutions&rft_id=http%3A%2F%2Fwww.verizonbusiness.com%2Fabout%2Fevents%2F2012dbir%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKotenkoPolubelovaSaenko2012" class="citation book cs1">Kotenko, Igor; Polubelova, Olga; Saenko, Igor (November 2012). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/6468405">"The Ontological Approach for SIEM Data Repository Implementation"</a>. <i>2012 IEEE International Conference on Green Computing and Communications</i>. Besancon, France: IEEE. pp. <span class="nowrap">761–</span>766. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FGreenCom.2012.125">10.1109/GreenCom.2012.125</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4673-5146-1" title="Special:BookSources/978-1-4673-5146-1"><bdi>978-1-4673-5146-1</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:18920083">18920083</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=The+Ontological+Approach+for+SIEM+Data+Repository+Implementation&rft.btitle=2012+IEEE+International+Conference+on+Green+Computing+and+Communications&rft.place=Besancon%2C+France&rft.pages=%3Cspan+class%3D%22nowrap%22%3E761-%3C%2Fspan%3E766&rft.pub=IEEE&rft.date=2012-11&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A18920083%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FGreenCom.2012.125&rft.isbn=978-1-4673-5146-1&rft.aulast=Kotenko&rft.aufirst=Igor&rft.au=Polubelova%2C+Olga&rft.au=Saenko%2C+Igor&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F6468405&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKotenkoChechulin2012" class="citation book cs1">Kotenko, Igor; Chechulin, Andrey (November 2012). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/6468300">"Common Framework for Attack Modeling and Security Evaluation in SIEM Systems"</a>. <i>2012 IEEE International Conference on Green Computing and Communications</i>. pp. <span class="nowrap">94–</span>101. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FGreenCom.2012.24">10.1109/GreenCom.2012.24</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4673-5146-1" title="Special:BookSources/978-1-4673-5146-1"><bdi>978-1-4673-5146-1</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:15834187">15834187</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Common+Framework+for+Attack+Modeling+and+Security+Evaluation+in+SIEM+Systems&rft.btitle=2012+IEEE+International+Conference+on+Green+Computing+and+Communications&rft.pages=%3Cspan+class%3D%22nowrap%22%3E94-%3C%2Fspan%3E101&rft.date=2012-11&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A15834187%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FGreenCom.2012.24&rft.isbn=978-1-4673-5146-1&rft.aulast=Kotenko&rft.aufirst=Igor&rft.au=Chechulin%2C+Andrey&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F6468300&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-:4-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-:4_28-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKarl-Bridge-Microsoft" class="citation web cs1">Karl-Bridge-Microsoft. <a rel="nofollow" class="external text" href="https://docs.microsoft.com/en-us/windows/win32/eventlog/eventlog-key">"Eventlog Key - Win32 apps"</a>. <i>docs.microsoft.com</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2021-07-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=docs.microsoft.com&rft.atitle=Eventlog+Key+-+Win32+apps&rft.au=Karl-Bridge-Microsoft&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fwin32%2Feventlog%2Feventlog-key&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKotenkoPolubelovaSaenko2012" class="citation book cs1">Kotenko, Igor; Polubelova, Olga; Saenko, Igor (November 2012). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/6468405">"The Ontological Approach for SIEM Data Repository Implementation"</a>. <i>2012 IEEE International Conference on Green Computing and Communications</i>. pp. <span class="nowrap">761–</span>766. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FGreenCom.2012.125">10.1109/GreenCom.2012.125</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4673-5146-1" title="Special:BookSources/978-1-4673-5146-1"><bdi>978-1-4673-5146-1</bdi></a>. 
<a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:18920083">18920083</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=The+Ontological+Approach+for+SIEM+Data+Repository+Implementation&rft.btitle=2012+IEEE+International+Conference+on+Green+Computing+and+Communications&rft.pages=%3Cspan+class%3D%22nowrap%22%3E761-%3C%2Fspan%3E766&rft.date=2012-11&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A18920083%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FGreenCom.2012.125&rft.isbn=978-1-4673-5146-1&rft.aulast=Kotenko&rft.aufirst=Igor&rft.au=Polubelova%2C+Olga&rft.au=Saenko%2C+Igor&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F6468405&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-30">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAzodiJaegerChengMeinel2013" class="citation book cs1">Azodi, Amir; Jaeger, David; Cheng, Feng; Meinel, Christoph (December 2013). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/6824575">"Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems"</a>. <i>2013 International Conference on Advanced Cloud and Big Data</i>. pp. <span class="nowrap">69–</span>76. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FCBD.2013.27">10.1109/CBD.2013.27</a>. 
<a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4799-3261-0" title="Special:BookSources/978-1-4799-3261-0"><bdi>978-1-4799-3261-0</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:1066886">1066886</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Pushing+the+Limits+in+Event+Normalisation+to+Improve+Attack+Detection+in+IDS%2FSIEM+Systems&rft.btitle=2013+International+Conference+on+Advanced+Cloud+and+Big+Data&rft.pages=%3Cspan+class%3D%22nowrap%22%3E69-%3C%2Fspan%3E76&rft.date=2013-12&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A1066886%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FCBD.2013.27&rft.isbn=978-1-4799-3261-0&rft.aulast=Azodi&rft.aufirst=Amir&rft.au=Jaeger%2C+David&rft.au=Cheng%2C+Feng&rft.au=Meinel%2C+Christoph&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F6824575&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=j4pF9VUdphc">"28c3: Security Log Visualization with a Correlation Engine"</a>. <i><a href="/wiki/YouTube" title="YouTube">YouTube</a></i>. December 29, 2011. <a rel="nofollow" class="external text" href="https://ghostarchive.org/varchive/youtube/20211215/j4pF9VUdphc">Archived</a> from the original on 2021-12-15<span class="reference-accessdate">. 
Retrieved <span class="nowrap">November 4,</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=YouTube&rft.atitle=28c3%3A+Security+Log+Visualization+with+a+Correlation+Engine&rft.date=2011-12-29&rft_id=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dj4pF9VUdphc&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSwift2010" class="citation web cs1">Swift, David (2010). <a rel="nofollow" class="external text" href="https://www.sans.org/reading-room/whitepapers/auditing/successful-siem-log-management-strategies-audit-compliance-33528">"Successful SIEM and Log Management Strategies for Audit and Compliance"</a>. <i>SANS Institute</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SANS+Institute&rft.atitle=Successful+SIEM+and+Log+Management+Strategies+for+Audit+and+Compliance&rft.date=2010&rft.aulast=Swift&rft.aufirst=David&rft_id=https%3A%2F%2Fwww.sans.org%2Freading-room%2Fwhitepapers%2Fauditing%2Fsuccessful-siem-log-management-strategies-audit-compliance-33528&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecurity+information+and+event+management" class="Z3988"></span></span> </li> </ol></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Security_information_and_event_management&action=edit&section=17" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" 
href="https://utmstack.com/siem-correlation-rules/UTMStack">Essential SIEM Correlation Rules for Compliance</a>.</li></ul>
warfare</a></li> <li><a href="/wiki/Information_warfare" title="Information warfare">Information warfare</a></li> <li><a href="/wiki/Internet_security" title="Internet security">Internet security</a></li> <li><a href="/wiki/Mobile_security" title="Mobile security">Mobile security</a></li> <li><a href="/wiki/Network_security" title="Network security">Network security</a></li> <li><a href="/wiki/Copy_protection" title="Copy protection">Copy protection</a></li> <li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li></ul> </div></td><td class="noviewer navbox-image" rowspan="3" style="width:1px;padding:0 0 0 2px"><div><figure class="mw-halign-center" typeof="mw:File"><a href="/wiki/File:CIAJMK1209-en.svg" class="mw-file-description" title="vectorial version"><img alt="vectorial version" src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/150px-CIAJMK1209-en.svg.png" decoding="async" width="150" height="150" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/225px-CIAJMK1209-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/300px-CIAJMK1209-en.svg.png 2x" data-file-width="496" data-file-height="496" /></a><figcaption>vectorial version</figcaption></figure></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Threat_(computer)" class="mw-redirect" title="Threat (computer)">Threats</a></th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Adware" title="Adware">Adware</a></li> <li><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced persistent threat</a></li> <li><a href="/wiki/Arbitrary_code_execution" title="Arbitrary code execution">Arbitrary code execution</a></li> <li><a href="/wiki/Backdoor_(computing)" title="Backdoor 
(computing)">Backdoors</a></li> <li>Bombs <ul><li><a href="/wiki/Fork_bomb" title="Fork bomb">Fork</a></li> <li><a href="/wiki/Logic_bomb" title="Logic bomb">Logic</a></li> <li><a href="/wiki/Time_bomb_(software)" title="Time bomb (software)">Time</a></li> <li><a href="/wiki/Zip_bomb" title="Zip bomb">Zip</a></li></ul></li> <li><a href="/wiki/Hardware_backdoor" title="Hardware backdoor">Hardware backdoors</a></li> <li><a href="/wiki/Code_injection" title="Code injection">Code injection</a></li> <li><a href="/wiki/Crimeware" title="Crimeware">Crimeware</a></li> <li><a href="/wiki/Cross-site_scripting" title="Cross-site scripting">Cross-site scripting</a></li> <li><a href="/wiki/Cross-site_leaks" title="Cross-site leaks">Cross-site leaks</a></li> <li><a href="/wiki/DOM_clobbering" title="DOM clobbering">DOM clobbering</a></li> <li><a href="/wiki/History_sniffing" title="History sniffing">History sniffing</a></li> <li><a href="/wiki/Cryptojacking" title="Cryptojacking">Cryptojacking</a></li> <li><a href="/wiki/Botnet" title="Botnet">Botnets</a></li> <li><a href="/wiki/Data_breach" title="Data breach">Data breach</a></li> <li><a href="/wiki/Drive-by_download" title="Drive-by download">Drive-by download</a></li> <li><a href="/wiki/Browser_Helper_Object" title="Browser Helper Object">Browser Helper Objects</a></li> <li><a href="/wiki/Computer_virus" title="Computer virus">Viruses</a></li> <li><a href="/wiki/Data_scraping" title="Data scraping">Data scraping</a></li> <li><a href="/wiki/Denial-of-service_attack" title="Denial-of-service attack">Denial-of-service attack</a></li> <li><a href="/wiki/Eavesdropping" title="Eavesdropping">Eavesdropping</a></li> <li><a href="/wiki/Email_fraud" title="Email fraud">Email fraud</a></li> <li><a href="/wiki/Email_spoofing" title="Email spoofing">Email spoofing</a></li> <li><a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">Exploits</a></li> <li><a href="/wiki/Dialer#Fraudulent_dialer" 
title="Dialer">Fraudulent dialers</a></li> <li><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></li> <li><a href="/wiki/Infostealer" title="Infostealer">Infostealer</a></li> <li><a href="/wiki/Insecure_direct_object_reference" title="Insecure direct object reference">Insecure direct object reference</a></li> <li><a href="/wiki/Keystroke_logging" title="Keystroke logging">Keystroke loggers</a></li> <li><a href="/wiki/Malware" title="Malware">Malware</a></li> <li><a href="/wiki/Payload_(computing)" title="Payload (computing)">Payload</a></li> <li><a href="/wiki/Phishing" title="Phishing">Phishing</a> <ul><li><a href="/wiki/Voice_phishing" title="Voice phishing">Voice</a></li></ul></li> <li><a href="/wiki/Polymorphic_engine" title="Polymorphic engine">Polymorphic engine</a></li> <li><a href="/wiki/Privilege_escalation" title="Privilege escalation">Privilege escalation</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Rootkit" title="Rootkit">Rootkits</a></li> <li><a href="/wiki/Scareware" title="Scareware">Scareware</a></li> <li><a href="/wiki/Shellcode" title="Shellcode">Shellcode</a></li> <li><a href="/wiki/Spamming" title="Spamming">Spamming</a></li> <li><a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">Social engineering</a></li> <li><a href="/wiki/Spyware" title="Spyware">Spyware</a></li> <li><a href="/wiki/Software_bug" title="Software bug">Software bugs</a></li> <li><a href="/wiki/Trojan_horse_(computing)" title="Trojan horse (computing)">Trojan horses</a></li> <li><a href="/wiki/Hardware_Trojan" title="Hardware Trojan">Hardware Trojans</a></li> <li><a href="/wiki/Remote_access_trojan" class="mw-redirect" title="Remote access trojan">Remote access trojans</a></li> <li><a href="/wiki/Vulnerability_(computer_security)" title="Vulnerability (computer security)">Vulnerability</a></li> <li><a href="/wiki/Web_shell" title="Web shell">Web shells</a></li> <li><a 
href="/wiki/Wiper_(malware)" title="Wiper (malware)">Wiper</a></li> <li><a href="/wiki/Computer_worm" title="Computer worm">Worms</a></li> <li><a href="/wiki/SQL_injection" title="SQL injection">SQL injection</a></li> <li><a href="/wiki/Rogue_security_software" title="Rogue security software">Rogue security software</a></li> <li><a href="/wiki/Zombie_(computing)" title="Zombie (computing)">Zombie</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Defenses</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Application_security" title="Application security">Application security</a> <ul><li><a href="/wiki/Secure_coding" title="Secure coding">Secure coding</a></li> <li>Secure by default</li> <li><a href="/wiki/Secure_by_design" title="Secure by design">Secure by design</a> <ul><li><a href="/wiki/Misuse_case" title="Misuse case">Misuse case</a></li></ul></li></ul></li> <li><a href="/wiki/Computer_access_control" title="Computer access control">Computer access control</a> <ul><li><a href="/wiki/Authentication" title="Authentication">Authentication</a> <ul><li><a href="/wiki/Multi-factor_authentication" title="Multi-factor authentication">Multi-factor authentication</a></li></ul></li> <li><a href="/wiki/Authorization" title="Authorization">Authorization</a></li></ul></li> <li><a href="/wiki/Computer_security_software" title="Computer security software">Computer security software</a> <ul><li><a href="/wiki/Antivirus_software" title="Antivirus software">Antivirus software</a></li> <li><a href="/wiki/Security-focused_operating_system" title="Security-focused operating system">Security-focused operating system</a></li></ul></li> <li><a href="/wiki/Data-centric_security" title="Data-centric security">Data-centric security</a></li> <li><a href="/wiki/Obfuscation_(software)" title="Obfuscation (software)">Software obfuscation</a></li> <li><a 
href="/wiki/Data_masking" title="Data masking">Data masking</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Firewall_(computing)" title="Firewall (computing)">Firewall</a></li> <li><a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">Intrusion detection system</a> <ul><li><a href="/wiki/Host-based_intrusion_detection_system" title="Host-based intrusion detection system">Host-based intrusion detection system</a> (HIDS)</li> <li><a href="/wiki/Anomaly_detection" title="Anomaly detection">Anomaly detection</a></li></ul></li> <li><a href="/wiki/Information_security_management" title="Information security management">Information security management</a> <ul><li><a href="/wiki/Information_risk_management" class="mw-redirect" title="Information risk management">Information risk management</a></li> <li><a class="mw-selflink selflink">Security information and event management</a> (SIEM)</li></ul></li> <li><a href="/wiki/Runtime_application_self-protection" title="Runtime application self-protection">Runtime application self-protection</a></li> <li><a href="/wiki/Site_isolation" title="Site isolation">Site isolation</a></li></ul> </div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐api‐int.codfw.main‐5b65fffc7d‐v6qch Cached time: 20250216170639 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 0.512 seconds Real time usage: 0.599 seconds Preprocessor visited node count: 2122/1000000 Post‐expand include size: 78725/2097152 bytes Template argument size: 1385/2097152 bytes Highest expansion depth: 12/100 Expensive parser function count: 3/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 123025/5000000 bytes Lua time usage: 0.335/10.000 seconds Lua memory usage: 6372631/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 526.962 1 -total 
58.25% 306.965 1 Template:Reflist 39.17% 206.430 23 Template:Cite_web 14.69% 77.406 1 Template:Information_security 14.16% 74.632 1 Template:Navbox 13.17% 69.383 1 Template:Short_description 7.95% 41.877 6 Template:Cite_book 7.89% 41.590 2 Template:Pagetype 6.90% 36.341 1 Template:Citation_needed 5.80% 30.569 1 Template:Fix --> <!-- Saved in parser cache with key enwiki:pcache:27262733:|#|:idhash:canonical and timestamp 20250216170639 and revision id 1276057973. Rendering was triggered because: api-parse --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&usesul3=0" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Security_information_and_event_management&oldid=1276057973">https://en.wikipedia.org/w/index.php?title=Security_information_and_event_management&oldid=1276057973</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Category</a>: <ul><li><a href="/wiki/Category:Data_security" title="Category:Data security">Data security</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Webarchive_template_wayback_links" title="Category:Webarchive template wayback links">Webarchive template wayback links</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a 
href="/wiki/Category:All_articles_with_unsourced_statements" title="Category:All articles with unsourced statements">All articles with unsourced statements</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_January_2024" title="Category:Articles with unsourced statements from January 2024">Articles with unsourced statements from January 2024</a></li><li><a href="/wiki/Category:Wikipedia_articles_needing_clarification_from_March_2016" title="Category:Wikipedia articles needing clarification from March 2016">Wikipedia articles needing clarification from March 2016</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 16 February 2025, at 17:06<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. 
Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Security_information_and_event_management&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" lang="en" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><picture><source media="(min-width: 500px)" 
srcset="/w/resources/assets/poweredby_mediawiki.svg" width="88" height="31"><img src="/w/resources/assets/mediawiki_compact.svg" alt="Powered by MediaWiki" width="25" height="25" loading="lazy"></picture></a></li> </ul> </footer> </div> </div> </div> <div class="vector-header-container vector-sticky-header-container"> <div id="vector-sticky-header" class="vector-sticky-header"> <div class="vector-sticky-header-start"> <div class="vector-sticky-header-icon-start vector-button-flush-left vector-button-flush-right" aria-hidden="true"> <button class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-sticky-header-search-toggle" tabindex="-1" data-event-name="ui.vector-sticky-search-form.icon"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </button> </div> <div role="search" class="vector-search-box-vue vector-search-box-show-thumbnail vector-search-box"> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail"> <form action="/w/index.php" id="vector-sticky-search-form" class="cdx-search-input cdx-search-input--has-end-button"> <div class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia"> <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <div class="vector-sticky-header-context-bar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-sticky-header-toc" class="vector-dropdown mw-portlet mw-portlet-sticky-header-toc vector-sticky-header-toc vector-button-flush-left" > <input type="checkbox" id="vector-sticky-header-toc-checkbox" role="button" aria-haspopup="true" 
data-event-name="ui.dropdown-vector-sticky-header-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-sticky-header-toc-label" for="vector-sticky-header-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-sticky-header-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div class="vector-sticky-header-context-bar-primary" aria-hidden="true" ><span class="mw-page-title-main">Security information and event management</span></div> </div> </div> <div class="vector-sticky-header-end" aria-hidden="true"> <div class="vector-sticky-header-icons"> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-talk-sticky-header" tabindex="-1" data-event-name="talk-sticky-header"><span class="vector-icon mw-ui-icon-speechBubbles mw-ui-icon-wikimedia-speechBubbles"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-subject-sticky-header" tabindex="-1" data-event-name="subject-sticky-header"><span class="vector-icon mw-ui-icon-article mw-ui-icon-wikimedia-article"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-history-sticky-header" tabindex="-1" data-event-name="history-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-history mw-ui-icon-wikimedia-wikimedia-history"></span> <span></span> </a> <a href="#" 
class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only mw-watchlink" id="ca-watchstar-sticky-header" tabindex="-1" data-event-name="watch-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-star mw-ui-icon-wikimedia-wikimedia-star"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-edit-sticky-header" tabindex="-1" data-event-name="wikitext-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-wikiText mw-ui-icon-wikimedia-wikimedia-wikiText"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-ve-edit-sticky-header" tabindex="-1" data-event-name="ve-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-edit mw-ui-icon-wikimedia-wikimedia-edit"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-viewsource-sticky-header" tabindex="-1" data-event-name="ve-edit-protected-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-editLock mw-ui-icon-wikimedia-wikimedia-editLock"></span> <span></span> </a> </div> <div class="vector-sticky-header-buttons"> <button class="cdx-button cdx-button--weight-quiet mw-interlanguage-selector" id="p-lang-btn-sticky-header" tabindex="-1" data-event-name="ui.dropdown-p-lang-btn-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-language mw-ui-icon-wikimedia-wikimedia-language"></span> <span>17 languages</span> </button> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive" id="ca-addsection-sticky-header" tabindex="-1" data-event-name="addsection-sticky-header"><span class="vector-icon 
mw-ui-icon-speechBubbleAdd-progressive mw-ui-icon-wikimedia-speechBubbleAdd-progressive"></span> <span>Add topic</span> </a> </div> <div class="vector-sticky-header-icon-end"> <div class="vector-user-links"> </div> </div> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-b766959bd-2fxh7","wgBackendResponseTime":108,"wgPageParseReport":{"limitreport":{"cputime":"0.512","walltime":"0.599","ppvisitednodes":{"value":2122,"limit":1000000},"postexpandincludesize":{"value":78725,"limit":2097152},"templateargumentsize":{"value":1385,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":3,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":123025,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 526.962 1 -total"," 58.25% 306.965 1 Template:Reflist"," 39.17% 206.430 23 Template:Cite_web"," 14.69% 77.406 1 Template:Information_security"," 14.16% 74.632 1 Template:Navbox"," 13.17% 69.383 1 Template:Short_description"," 7.95% 41.877 6 Template:Cite_book"," 7.89% 41.590 2 Template:Pagetype"," 6.90% 36.341 1 Template:Citation_needed"," 5.80% 30.569 1 Template:Fix"]},"scribunto":{"limitreport-timeusage":{"value":"0.335","limit":"10.000"},"limitreport-memusage":{"value":6372631,"limit":52428800}},"cachereport":{"origin":"mw-api-int.codfw.main-5b65fffc7d-v6qch","timestamp":"20250216170639","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Security information and event management","url":"https:\/\/en.wikipedia.org\/wiki\/Security_information_and_event_management","sameAs":"http:\/\/www.wikidata.org\/entity\/Q3493999","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q3493999","author":{"@type":"Organization","name":"Contributors to Wikimedia 
projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2010-05-07T01:50:04Z","dateModified":"2025-02-16T17:06:35Z","headline":"subsection within the field of computer security, where software products and services combine security information management and security event management"}</script> </body> </html>