What is a SIEM?
The central tool a SOC uses to gather and analyze security data — the NIST definition.
What it means
NIST defines a SIEM (Security Information and Event Management) tool as an "application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface."
In practice, a SIEM collects logs and alerts from across an organization's systems so analysts can spot and investigate threats from one place. Hands-on SIEM experience is commonly valued in SOC analyst roles.
Definitional only; not a product recommendation.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary — SIEM tool: https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | NIST CSRC glossary — SIEM tool | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary — SIEM tool |