Let's Talk

SIEM (Security Information and Event Management)

Description: A type of security software that collects and analyzes telemetry data from various sources, including endpoint devices, firewalls, intrusion detection/prevention systems, and servers. The goal of a SIEM is to provide real-time analysis of security events generated by these devices and report security-related information.

SIEM systems rely on log collection agents, such as NXLog Agent, to ingest data from heterogeneous sources. Besides collecting telemetry data, an adequate agent filters, enriches, and transforms the data into the SIEM’s taxonomy before sending it to the SIEM. This initial processing at the log source ensures the SIEM receives clean data that it can analyze efficiently.
Also known as: SIEM solution, SIEM tool, SIEM system
See also: SIEM integration guides

A

Agent-based log collection

Agentless log collection

Agent management

Automatic enrollment

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

Customer portal

D

DNS (Domain Name System)

E

Endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

M

Multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X