Security Information and Event Management (SIEM)
SIEM collects and correlates logs to detect threats and support investigations.
Updated: 2026-03-05
Definition
A SIEM ingests logs from many sources (servers, apps, firewalls, cloud) and correlates events to detect suspicious activity.
It supports alerting, dashboards, and investigation workflows.
Key points
- Centralizes logging and correlation
- Useful for detection and incident response
- Quality depends on log sources and tuning
Common mistakes
- Assuming SIEM = automatic security (it needs tuning and response processes).
- Not normalizing logs or missing key sources (blind spots).
Related exams
Related terms
Want to practice this in exam-style questions?
Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.
Go to exams