What is SIEM (Security Information and Event Management)?

A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.

SIEM systems aggregate logs from firewalls, servers, applications, and endpoints, then apply correlation rules to identify suspicious patterns. A single failed login is normal; 1000 failed logins across 50 servers in 5 minutes triggers an alert.
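The correlation rule sketched above (one failure is noise, a burst of failures across many hosts inside a short window is an alert) can be made concrete with a small sliding-window correlator. The code below is an added example written for this entry, not code from any SIEM product named here; the log format, field names, hostnames and the `login_failure` event name are constructed for the demo, and real SIEMs normalize vendor-specific logs into comparable fields before rules like this run.

```python
"""Sliding-window correlation of failed logins (added illustration)."""
import re
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Constructed, already-normalized log line schema (assumption for this demo).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) host=(?P<host>\S+) "
    r"event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event: str
    user: str
    src: str


@dataclass(frozen=True)
class Alert:
    window_start: datetime
    window_end: datetime
    failures: int
    distinct_hosts: int


def parse_line(line: str) -> Optional[Event]:
    """Parse one normalized line; lines that do not match are skipped (None)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Event(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
                 m["host"], m["event"], m["user"], m["src"])


def correlate_failed_logins(lines: Iterable[str],
                            window: timedelta = timedelta(minutes=5),
                            min_failures: int = 1000,
                            min_hosts: int = 50) -> List[Alert]:
    """Fire an Alert when >= min_failures login failures from >= min_hosts
    distinct hosts fall inside any span of length `window`.  Events are
    processed in timestamp order; after an alert the window is flushed so
    one burst produces one alert rather than one per extra event."""
    events = sorted((e for e in map(parse_line, lines)
                     if e and e.event == "login_failure"), key=lambda e: e.ts)
    recent: deque = deque()        # events inside the current window
    per_host: Counter = Counter()  # failures per host inside the window
    alerts: List[Alert] = []
    for ev in events:
        recent.append(ev)
        per_host[ev.host] += 1
        while recent and ev.ts - recent[0].ts > window:  # evict stale events
            old = recent.popleft()
            per_host[old.host] -= 1
            if per_host[old.host] == 0:
                del per_host[old.host]
        if len(recent) >= min_failures and len(per_host) >= min_hosts:
            alerts.append(Alert(recent[0].ts, ev.ts, len(recent), len(per_host)))
            recent.clear()
            per_host.clear()
    return alerts


def build_sample_logs() -> List[str]:
    """Constructed input: one ordinary failure at 08:00, then 1000 failures
    across 50 servers within 200 seconds starting at 09:00, plus a junk line."""
    base = datetime(2024, 1, 15, 8, 0, 0)
    lines = [f"{base:%Y-%m-%dT%H:%M:%S} host=web-01 event=login_failure user=alice src=10.0.0.5"]
    burst = base + timedelta(hours=1)
    for i in range(1000):
        ts = burst + timedelta(seconds=i * 0.2)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} host=srv-{i % 50:02d} "
                     f"event=login_failure user=admin src=198.51.100.7")
    lines.append("garbage line that does not match the schema")
    return lines


def build_slow_logs() -> List[str]:
    """Constructed input: the same 1000 failures spread over two hours, so no
    five-minute window ever reaches the threshold (no alert expected)."""
    base = datetime(2024, 1, 15, 8, 0, 0)
    return [f"{base + timedelta(seconds=i * 7.2):%Y-%m-%dT%H:%M:%S} host=srv-{i % 50:02d} "
            f"event=login_failure user=admin src=198.51.100.7" for i in range(1000)]


if __name__ == "__main__":
    for a in correlate_failed_logins(build_sample_logs()):
        print(f"ALERT {a.window_start:%H:%M:%S}-{a.window_end:%H:%M:%S}: "
              f"{a.failures} failures on {a.distinct_hosts} hosts")
    print("slow-drip alerts:", len(correlate_failed_logins(build_slow_logs())))
```

The two constructed inputs show why both the count threshold and the time window matter: the burst fires exactly one alert, while the same 1000 failures trickled over two hours fire none, which is also why slow, distributed attempts are typically caught by a different rule (for example per-source or per-account counts over a longer window) rather than by lowering this one's threshold.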

Features include real-time monitoring, threat detection, compliance reporting, forensic investigation, and incident response workflows. Popular solutions include Splunk, IBM QRadar, Microsoft Sentinel, and Elastic Security. SIEM is central to Security Operations Centers (SOCs).

Related Terms

SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.