Security information and event management

from Wikipedia, the free encyclopedia

Security Information and Event Management (SIEM) combines the two concepts Security Information Management (SIM) and Security Event Management (SEM) for the real-time analysis of security alerts from applications and network components. SIEM thus supports the computer security of an organization; it is a software product that can be installed centrally or used as a cloud service.

The term security information and event management (SIEM), coined in 2005 by Mark Nicolett and Amrit Williams of Gartner, covers:

  • the ability of products to collect, analyze and present data from network and security components
  • handling of security vulnerabilities
  • operating system, database and application log files
  • external threats
  • real-time alerts

Some SIEM providers are: ArcSight, Empow, Exabeam, LogPoint, LogRhythm, QRadar and Splunk.

Web links

  • Computerwoche.de / ... - What distinguishes SIM and SEM from SIEM (April 23, 2013 by Matthias Maier) (Retrieved March 2, 2019).
