Security Information and Event Management (SIEM)

Security information and event management (SIEM) is a subfield of computer security in which software products and services combine security information management (SIM) and security event management (SEM). SIEM tools provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM were coined by Mark Nicolett and Amrit Williams of Gartner in 2005.

Areas of Security Monitoring

Service Area: Systems Health Monitoring
Function: Automated monitoring of service availability, capacity, and integrity.
Solution examples:
- https://www.zabbix.com/
- https://www.nagios.org/

Service Area: Network Traffic Analyzer
Function: Automated analysis of north-south and east-west network traffic patterns, audit trails, and anomaly detection.
Solution examples:
- https://zeek.org/
- https://securityonionsolutions.com/

Service Area: Intrusion Detection System (IDS)
Function: A device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported to an administrator or collected centrally by a SIEM.
Solution examples:
- https://suricata-ids.org/
- https://securityonionsolutions.com/

Service Area: File Integrity Monitoring (FIM)
Function: An internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known-good baseline.
Solution examples:
- https://en.wikipedia.org/wiki/File_integrity_monitoring
- Virus scanning

Service Area: Log Analysis
Function: Automated, consolidated collection of system logs, with analysis and detection of anomalous security or systems-health events.
Solution examples:
- https://www.elastic.co/logstash
- https://www.rsyslog.com/

Service Area: Regulatory Compliance
Function: Automated detection of regulatory non-compliance events.
Solution examples:
- https://documentation.wazuh.com/current/index.html

Service Area: Vulnerability Scanning
Function: Automated detection of known security vulnerabilities through active probing and penetration testing.
Solution examples:
- https://en.wikipedia.org/wiki/Kali_Linux
- https://www.tenable.com/products/nessus

Service Area: Patch Management and Validation
Function: Automated management of validated, current patch levels for production software and hardware firmware; verification of patch status for each configuration item / asset.
Solution examples:
- https://en.wikipedia.org/wiki/Windows_Server_Update_Services
- https://support.apple.com/en-us/HT209069
- APT / YUM / NPM / PIP

Service Area: Authentication Event Logging
Function: Automated logging of all user and host-based authentication events.

Service Area: Data Visualization and Analysis
Function: User interface for quickly querying and visualizing large amounts of data from multiple sources.
Solution examples:
- https://securityonionsolutions.com/
- https://www.elastic.co/what-is/elk-stack
- https://www.splunk.com/
- https://www.elastic.co/kibana

Service Area: Configuration Management / Infrastructure as Code
Function: Automated integration of system configuration definition, implementation, and documentation. Repeatable, modular, scalable deployment for cyberinfrastructure.
Solution examples:
- https://www.ansible.com/
- https://puppet.com/
- https://www.chef.io/

Service Area: Asset Management
Function: Physical, virtual, and digital asset management, with data collection automated as far as possible.
Solution examples:
- https://snipeitapp.com/
- https://documentation.wazuh.com/current/index.html

Service Area: Identity Management (IdM)
Function: Source-of-truth identity management database and authentication services.
Solution examples:
- https://incommon.org/software/comanage/
- https://incommon.org/academy/grouper/
- http://cilogin.org/
- https://openid.net/what-is-openid/
- OpenLDAP
- Microsoft Active Directory
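The File Integrity Monitoring entry above compresses the whole mechanism into one sentence: compare the current file state against a known-good baseline. The following is an added example written for this page, not code from any of the tools listed, showing that mechanism end to end: hash every regular file under a root, record its size and permission bits, then diff a later scan against the stored baseline. The directory tree, the file contents and the tampering steps are all constructed inline so it runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream a file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Walk root and record content hash, size and permission bits for every regular file.

    Symlinks are skipped so an attacker can't point a monitored path at benign content.
    mtime is deliberately not recorded: it is reset trivially with touch(1).
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                # low 12 bits: rwx for ugo plus setuid/setgid/sticky, so a
                # chmod u+s on a binary shows up as a modification
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Rescan root and report what was added, removed or modified since the baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        rel for rel in set(current) & set(baseline) if current[rel] != baseline[rel]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"original binary\n")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "passwd").chmod(0o644)
        (root / "etc" / "shadow").write_text("root:*:19000:0:99999:7:::\n")

        baseline = build_baseline(root)  # in practice: store this off-host or sign it

        # Simulated tampering: replaced binary, loosened permissions,
        # deleted shadow file, and a dropped-in authorized_keys.
        (root / "bin" / "sshd").write_bytes(b"trojaned binary\n")
        (root / "etc" / "passwd").chmod(0o666)
        (root / "etc" / "shadow").unlink()
        (root / "etc" / "authorized_keys").write_text("ssh-ed25519 AAAA... attacker\n")

        return verify(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline is only as trustworthy as its storage: an attacker with root on the monitored host can rewrite a baseline kept beside the files it describes, which is why real FIM agents ship the baseline (or the per-scan hashes) to the central SIEM rather than trusting local state.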
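The Log Analysis and Authentication Event Logging entries above are where a SIEM earns its keep: not just collecting events but correlating them. The example below is added for this page and is not code from Wazuh, Security Onion or any other tool listed. It parses sshd lines in classic syslog format (the lines are constructed samples), raises a medium-severity alert when one source address produces five failed passwords inside a two-minute window, and a high-severity alert when a login then succeeds from that same address while failures are still inside the window. The threshold, the window and the alert field names are assumed values chosen for the example, not from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a password-guessing burst from 203.0.113.5 that ends in a
# successful root login, one benign key-based login, and one stray failure.
SAMPLE_LOG = """\
Jan 10 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:01:05 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
Jan 10 10:01:09 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 10 10:01:14 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 10:01:20 web1 sshd[2209]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jan 10 10:01:40 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 10 10:01:50 web1 sshd[2213]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:abc
Jan 10 10:02:30 web1 sshd[2215]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Jan 10 10:03:00 web1 sshd[2217]: Failed password for bob from 192.0.2.9 port 50000 ssh2
"""

# Classic syslog prefix: "Mon dd HH:MM:SS host sshd[pid]: "  (day may be space-padded)
PREFIX = r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
FAILED = re.compile(PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(PREFIX + r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_ts(ts: str) -> datetime:
    # Syslog timestamps carry no year; strptime fills in 1900, which is fine for
    # relative windows within one file (year rollover would need the real log date).
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def detect(lines, threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> list:
    """Sliding-window correlation of sshd auth events, keyed by source address."""
    failures = defaultdict(deque)  # src ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        line = line.rstrip("\n")
        if m := FAILED.match(line):
            now = parse_ts(m["ts"])
            q = failures[m["ip"]]
            q.append(now)
            while q and now - q[0] > window:  # expire failures outside the window
                q.popleft()
            if len(q) == threshold:  # fire once per burst, when the threshold is crossed
                alerts.append({
                    "rule": "ssh_bruteforce", "severity": "medium",
                    "host": m["host"], "src_ip": m["ip"], "user": m["user"],
                    "count": len(q), "at": m["ts"],
                })
        elif m := ACCEPTED.match(line):
            now = parse_ts(m["ts"])
            recent = sum(1 for t in failures.get(m["ip"], ()) if now - t <= window)
            if recent:  # success right after a burst of failures is the signal that matters
                alerts.append({
                    "rule": "ssh_success_after_bruteforce", "severity": "high",
                    "host": m["host"], "src_ip": m["ip"], "user": m["user"],
                    "method": m["method"], "recent_failures": recent, "at": m["ts"],
                })
    return alerts


def run_sample() -> list:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The benign publickey login from 198.51.100.7 and the single failure from 192.0.2.9 produce nothing; only the 203.0.113.5 burst and the subsequent root login alert. Keying the window on the source address rather than the username is what catches password spraying, where each guess targets a different account.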

Reading Material

Notable Software Solutions

This site does not promote any vendor products. The following are highlighted based only on familiarity with their feature sets.

Wazuh

Wazuh is a free and open source platform for threat detection, security monitoring, incident response and regulatory compliance. It can be used to monitor endpoints, cloud services and containers, and to aggregate and analyze data from external sources.

Security Onion

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. Its Setup wizard lets you deploy a fleet of distributed sensors across an enterprise in minutes.

Services

Run your own for free, or outsource hosting and support.

Zabbix

Zabbix is enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. Zabbix is open source and comes at no cost.