Comparative Analysis of Open Source Security Information & Event Management Systems (SIEMs)

  • Bezas K
  • Filippidou F
Citations: N/A. Readers: 28 (Mendeley users who have this article in their library).

Abstract

A Security Information and Event Management system (SIEM) is a tool that collects, normalizes, analyzes and correlates data from many devices to identify potential cyber threats in near real time. A SIEM unifies two functional areas: Security Information Management (SIM), which covers log management and reporting, and Security Event Management (SEM), which covers event handling and real-time monitoring. SIEM tools gather events from heterogeneous sources into a central store, convert them to a common format, analyze them, and produce reports and alerts. In this way a SIEM combines the compliance reporting of log management with threat management. The centralized approach does have notable drawbacks: funnelling every event into one system can degrade performance and makes it harder to prioritize queries.
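The collect, normalize, correlate and alert pipeline the abstract describes, as an added example that is not code from the paper or from any of the SIEMs it compares. The sample events are constructed: BSD-syslog-style sshd lines (which carry no year, so SYSLOG_YEAR is an assumed constant) and key=value records from a hypothetical web gateway called webgw. The correlation rule fires only when failures from both sources are counted together, which is the point of normalizing to one schema first.

```python
"""Minimal SIEM pipeline: collect -> normalize -> correlate -> alert.

Added example, not code from the paper. All sample events are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs) from two heterogeneous sources:
# syslog-style sshd lines and key=value records from a hypothetical gateway "webgw".
SAMPLE_EVENTS = [
    "Mar 10 10:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 10:00:03 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "ts=2023-03-10T10:00:05Z app=webgw host=gw1 action=login result=fail user=admin src=203.0.113.7",
    "ts=2023-03-10T10:00:07Z app=webgw host=gw1 action=login result=fail user=alice src=203.0.113.7",
    "Mar 10 10:00:09 bastion sshd[2215]: Accepted password for alice from 203.0.113.7 port 51030 ssh2",
    "Mar 10 10:02:00 bastion sshd[2220]: Failed password for bob from 198.51.100.4 port 40000 ssh2",
    "ts=2023-03-10T10:20:00Z app=webgw host=gw1 action=login result=fail user=bob src=198.51.100.4",
]

SYSLOG_YEAR = 2023  # assumption: BSD syslog timestamps carry no year

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def normalize(raw):
    """Map one raw line from either source onto the common event schema
    (ts, source, host, user, src_ip, outcome); return None if unparseable."""
    m = SSHD_RE.match(raw)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        return {"ts": ts, "source": "sshd", "host": m["host"], "user": m["user"],
                "src_ip": m["ip"],
                "outcome": "fail" if m["outcome"] == "Failed" else "success"}
    if raw.startswith("ts="):
        kv = dict(tok.split("=", 1) for tok in raw.split())
        if kv.get("action") != "login":
            return None
        ts = datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "source": kv["app"], "host": kv["host"], "user": kv["user"],
                "src_ip": kv["src"], "outcome": kv["result"]}
    return None  # unknown format: a real SIEM would count this as a parse failure


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP accumulates `threshold` failed logins across
    all sources inside a sliding `window`; escalate if a success follows."""
    alerts = []
    fails = defaultdict(list)   # src_ip -> failure timestamps still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        if ev["outcome"] == "fail":
            fails[ip] = [t for t in fails[ip] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(fails[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"rule": "brute_force", "src_ip": ip,
                               "count": len(fails[ip]), "ts": ev["ts"]})
        elif ev["outcome"] == "success" and ip in flagged:
            alerts.append({"rule": "brute_force_success", "src_ip": ip,
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


def run_pipeline(raw_lines):
    """Collect + normalize + correlate; returns (normalized events, alerts)."""
    events = [e for e in map(normalize, raw_lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    _, found = run_pipeline(SAMPLE_EVENTS)
    for a in found:
        print(a)
```

Run as-is and the rule fires on 203.0.113.7 at the third failure (two from sshd, one from webgw) and escalates when the later sshd login for alice succeeds; 198.51.100.4 never reaches the threshold because its two failures fall outside the window. Sorting by timestamp before correlating matters because events from different collectors arrive out of order, and the per-IP list pruning is what keeps the window sliding rather than cumulative.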

Citation (APA)

Bezas, K., & Filippidou, F. (2023). Comparative Analysis of Open Source Security Information & Event Management Systems (SIEMs). The Indonesian Journal of Computer Science, 12(2), 443–468. https://doi.org/10.33022/ijcs.v12i2.3182
