{"id":12541,"date":"2021-08-13T09:21:59","date_gmt":"2021-08-13T13:21:59","guid":{"rendered":"https:\/\/tsisupport.com\/?post_type=glossary&#038;p=12541"},"modified":"2021-09-09T02:15:41","modified_gmt":"2021-09-09T06:15:41","slug":"security-information-and-event-management-siem","status":"publish","type":"glossary","link":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem","title":{"rendered":"Security Information and Event Management (SIEM)"},"content":{"rendered":"<h2><b>What is SIEM?<\/b><\/h2>\n<p>Security Information and Event Management (SIEM) is a tool that organizations can use to help automate real-time detection and response to potential threats.<\/p>\n<h2><b>How does SIEM work?<\/b><\/h2>\n<p>SIEM works by gathering logs from multiple sources (e.g., firewalls, switches, servers, and endpoints) into a centralized location. The SIEM ingests the log data and conducts automated analysis, correlation, and reporting. This relieves system administrators of the burden of manually sorting through thousands of event log entries on multiple systems.<\/p>\n<h2><b>What are the benefits of using SIEM?<\/b><\/h2>\n<p>Some key benefits of incorporating a SIEM solution for your organization include:<\/p>\n<ul>\n<li>24&#215;7 Threat Detection and Alerting<\/li>\n<li>Centralized Data Logging and Monitoring<\/li>\n<li>Compliance<\/li>\n<li>Data Retention and Storage<\/li>\n<li>Real-Time Alerting and Incident Response<\/li>\n<\/ul>\n<h2><b>SIEM Use Cases<\/b><\/h2>\n<ul>\n<li>Company ABC receives an automated alert from its SIEM that a user has successfully logged in to their email from another country. After reaching out to the user, the IT team confirms that this was not an approved login. 
The IT team was able to respond quickly to the incident and remove the threat actor\u2019s access to the compromised email to prevent any further damage.<\/li>\n<li>Your organization configures the SIEM tool to send automated alerts when a user accesses sensitive employee data stored on a file server. The IT team receives multiple alerts that a user has accessed data on the server that contains other employees\u2019 Social Security numbers. The IT team was able to respond to the event and remove the user\u2019s access, as well as provide management with details of what information the user was able to view. In addition, this event prompted the IT team to perform a full audit of user access, which found that multiple other users had access to data that they were not supposed to have.<\/li>\n<\/ul>\n","protected":false},"featured_media":12576,"template":"","meta":{"_links_to":"","_links_to_target":""},"categories":[379],"glossaries":[377],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Information and Event Management (SIEM) - TSI Support<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Information and Event Management (SIEM) - TSI Support\" \/>\n<meta property=\"og:description\" content=\"What is SIEM? Security Information and Event Management (SIEM) is a tool that organizations can use to help automate real-time detection and response to potential threats. How does SIEM work? SIEM works by gathering logs from multiple sources (i.e. firewalls, switches, servers, endpoints, etc.) into a centralized location. 
The SIEM ingests the log data and&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem\" \/>\n<meta property=\"og:site_name\" content=\"TSI Support\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-09T06:15:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"750\" \/>\n\t<meta property=\"og:image:height\" content=\"422\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem\",\"name\":\"Security Information and Event Management (SIEM) - TSI 
Support\",\"isPartOf\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg\",\"datePublished\":\"2021-08-13T13:21:59+00:00\",\"dateModified\":\"2021-09-09T06:15:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg\",\"contentUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg\",\"width\":750,\"height\":422},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tsisupport.com\/tsistaging\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Glossaries\",\"item\":\"https:\/\/tsisupport.com\/tsistaging\/?post_type=glossary\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Information and Event Management 
(SIEM)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/\",\"name\":\"TSI Support\",\"description\":\"TSI - Technical Support International\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Information and Event Management (SIEM) - TSI Support","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Security Information and Event Management (SIEM) - TSI Support","og_description":"What is SIEM? Security Information and Event Management (SIEM) is a tool that organizations can use to help automate real-time detection and response to potential threats. How does SIEM work? SIEM works by gathering logs from multiple sources (i.e. firewalls, switches, servers, endpoints, etc.) into a centralized location. The SIEM ingests the log data and&hellip;","og_url":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem","og_site_name":"TSI Support","article_modified_time":"2021-09-09T06:15:41+00:00","og_image":[{"width":750,"height":422,"url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem","url":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem","name":"Security Information and Event Management (SIEM) - TSI Support","isPartOf":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage"},"image":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage"},"thumbnailUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg","datePublished":"2021-08-13T13:21:59+00:00","dateModified":"2021-09-09T06:15:41+00:00","breadcrumb":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#primaryimage","url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg","contentUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2021\/08\/Security-Information-and-Event-Management.jpg","width":750,"height":422},{"@type":"BreadcrumbList","@id":"https:\/\/tsisupport.com\/tsistaging\/?glossary=security-information-and-event-management-siem#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tsisupport.com\/tsistaging\/"},{"@type":"ListItem","position":2,"name":"Glossaries","item":"https:\/\/tsi
support.com\/tsistaging\/?post_type=glossary"},{"@type":"ListItem","position":3,"name":"Security Information and Event Management (SIEM)"}]},{"@type":"WebSite","@id":"https:\/\/tsisupport.com\/tsistaging\/#website","url":"https:\/\/tsisupport.com\/tsistaging\/","name":"TSI Support","description":"TSI - Technical Support International","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/glossary\/12541"}],"collection":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/types\/glossary"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/media\/12576"}],"wp:attachment":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12541"},{"taxonomy":"glossaries","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fglossaries&post=12541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}