SIEM (Security Information and Event Management) combines two terms that denote its application areas: Security Information Management (SIM) and Security Event Management (SEM). SIEM technology provides real-time analysis of security events (alarms) emanating from network devices and applications.
In our environment, a SIEM solution allows us to track security events and to better correlate the actions of the simulated attacker and the security specialist.
SIEM is a very broad field, and covering it properly would require several books. In this book, we will only touch on the subject and show how to install the popular free solution OSSIM.