
What is SIEM (Security Information and Event Management)?

A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.

SIEM systems aggregate logs from firewalls, servers, applications, and endpoints, then apply correlation rules to identify suspicious patterns. A single failed login is normal; 1000 failed logins across 50 servers in 5 minutes triggers an alert.

Features include real-time monitoring, threat detection, compliance reporting, forensic investigation, and incident response workflows. Popular solutions include Splunk, IBM QRadar, Microsoft Sentinel, and Elastic Security. SIEM is central to Security Operations Centers (SOCs).

Related Terms

RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.