SIEM

A Security Information and Event Manager (SIEM) is a one-stop-shop for security log and event analysis in an environment
- Often described as a "single pane of glass" for reviewing security information
- They can have client agents, but often just inspect the network from a central server
- As with many things, the line kind of blurs a little as features for products grow
You will hear the acronym pronounced either as "sim" or "seem"
- Microsoft^[1], TechTarget,^[2], and Splunk^[3] all say it should be pronounced as "sim" with a silent E.
- According to exabeam^[4], it's pronounced as "seem" in Europe, but "sim" in the US
- I don't think it matters unless someone really cares about it; if they really care about it, they need more important things to work on.
Free^[5] SIEMs or SIEM-likes for home-use or practice
- SIEM
  - Security Onion Solutions
- SIEM-Like
  - OSSEC - World's Most Widely Used Host Intrusion Detection System - HIDS
  - Wazuh

Metadata