All About SIEM

If you have heard about SIEM but have no idea what it is or how it works, then you are at the right place. In this article I will explain what SIEM is and how it works.

Full Form of SIEM

The full form of SIEM is Security Incident and Event Management. As its name suggests, it is used for the security management of an enterprise. It is basically related to real-time analysis of logs from various sources.

What is SIEM?

SIEM is a log management solution which is used to collect logs from different sources such as firewall logs, Windows event logs, IDS logs, and logs from various services like FTP, SSH, SMTP, SSL, etc. All these logs are collected to a centralized location via the SIEM, and those logs can then be used to generate a timeline of when each event happened, which can be very helpful in the incident response process. Some modern SIEM solutions can also be integrated with the cloud to gather logs from AWS, Azure, and other cloud services. There are also forwarders available which can be used to forward logs from one system to another.

Where is SIEM used?

SIEM is used in enterprises to track the performance of their website. For example, they can see how many users visited their login page and then the payment page, so that they can keep track of user behavior, whether they are buying products or not. It is also used to manage and collect logs so that if any incident is reported, a timeline of the malicious events can be made and it can be determined what malicious activities happened, so that they can be mitigated.

Some of the SIEM solutions which I would recommend are Splunk, QRadar, and GrayLog.

-Dipanshu Pandey
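As an added example (not part of the original post or of any SIEM product), here is a minimal Python sketch of the collection-and-timeline step the article describes: log lines from three sources in different formats are normalized into one schema and ordered in time so the sequence of events can be read during incident response. The log lines, hostnames and IP addresses are constructed, and the syslog year is an assumption since classic syslog timestamps carry none.

```python
import re
from datetime import datetime, timezone

# Constructed sample logs (not real data), one format per source.
WINDOWS_EVENTS = [
    "2024-05-01T10:02:40Z EventID=4624 Host=WS01 User=alice Status=SUCCESS",
    "2024-05-01T10:02:14Z EventID=4625 Host=WS01 User=alice Status=FAILED",
]
FIREWALL_LOGS = ["May  1 10:01:55 fw01 kernel: DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22"]
SSH_LOGS = ["May  1 10:02:03 bastion sshd[1812]: Failed password for alice from 203.0.113.7 port 51022 ssh2"]

SYSLOG_YEAR = 2024  # assumption: classic syslog lines carry no year, so we supply one
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_windows(line):
    """Windows event: ISO-8601 UTC timestamp followed by key=value pairs."""
    ts_text, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "windows", "host": fields.get("Host"), "user": fields.get("User"),
            "src_ip": None, "summary": f"EventID {fields.get('EventID')} {fields.get('Status')}"}

def parse_syslog(line, source):
    """Syslog-style line (firewall or sshd): 'Mon dd HH:MM:SS host message'."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed {source} line: {line!r}")
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)
    msg = m["msg"]
    ip = re.search(r"(?:SRC=|from )(\d+\.\d+\.\d+\.\d+)", msg)   # firewall SRC= or sshd 'from'
    user = re.search(r"for (\w+) from", msg)                      # sshd 'Failed password for <user>'
    return {"ts": ts, "source": source, "host": m["host"], "user": user.group(1) if user else None,
            "src_ip": ip.group(1) if ip else None, "summary": msg}

def build_timeline():
    """Collect every source into one list ordered by time, the way a SIEM does for IR."""
    records = [parse_windows(l) for l in WINDOWS_EVENTS]
    records += [parse_syslog(l, "firewall") for l in FIREWALL_LOGS]
    records += [parse_syslog(l, "ssh") for l in SSH_LOGS]
    return sorted(records, key=lambda r: r["ts"])

def related_events(timeline, user=None, src_ip=None):
    """Pivot the timeline on a user or a source IP to see what happened around an alert."""
    return [r for r in timeline if (user and r["user"] == user) or (src_ip and r["src_ip"] == src_ip)]

if __name__ == "__main__":
    for r in build_timeline():
        print(r["ts"].isoformat(), r["source"], r["host"], r["summary"])
```

Running it prints the firewall drop, the failed SSH login, the failed Windows logon and the successful one in that order, which is the kind of cross-source sequence the article says a SIEM makes visible.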