Security Information and Event Management (SIEM) controller operations?
In this section, we examine the SIEM components and capabilities: how raw event data is passed to a centralized security platform, and how the controller processes that event data and presents it in a user-friendly visualization. We cover how a Security Information and Event Management (SIEM) platform collects log and event data from networking devices, servers, and IoT devices. It helps IT admins detect threats that individual security systems cannot see, investigate past security incidents, perform incident response, and prepare reports for annual regulatory and compliance purposes. SIEM provides real-time analysis of the security events generated by the configured networking devices and applications.
The core functions of a SIEM are real-time monitoring, correlation of events, notifications, and console views.
SIEM Components and Capabilities:
Data Aggregation- Collects and aggregates log and event data from security systems and network devices into one place
Alerting- Analyses events and sends alerts to notify security staff of issues that need immediate attention
Forensic analysis- Enables exploration of log and event data to discover the details of a security incident
Threat Intelligence- Combines internal data with third-party data on threats and vulnerabilities
Dashboards- Creates visualizations that let staff review event data and identify patterns and anomalies
Threat Hunting- Enables security staff to run queries on log and event data to proactively uncover threats
Correlation and Security Monitoring- Links events and related data from different sources into security incidents, threats, or forensic findings
Compliance- Gathers log data required by standards and regulations such as HIPAA, PCI DSS, HITECH, SOX, and GDPR, and generates reports from the corresponding templates
Incident response- Helps security teams identify and respond to security incidents by bringing all relevant data together rapidly so they can respond in time
Analytics- Uses statistical models and machine learning algorithms to identify wider relationships between data elements in the collected metrics
Retention- Stores long-term historical data and metrics, which is useful for future compliance audits and forensic investigations
SOC automation- Advanced SIEMs can respond to incidents automatically by orchestrating other security systems, a capability known as Security Orchestration, Automation and Response (SOAR)
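To make the pipeline described in this list concrete, here is a toy SIEM in Python that I have added for illustration; it is not code from the original article or from any SIEM product. It runs over constructed firewall and SSH authentication log lines (all hosts, users and addresses are made up), normalizes them into one event schema (data aggregation), applies a cross-source correlation rule (a burst of failed logins followed by a success from the same source IP, enriched with how often the firewall denied that IP), and computes the per-type and per-source counts a dashboard would chart. The rule name, threshold and five-minute window are assumptions chosen for the example.

```python
"""Toy SIEM pipeline: aggregate, normalize, correlate, summarize (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines; hosts, users and IPs are invented for the example.
FIREWALL_LOGS = [
    "2024-05-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:03Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:05Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:02:00Z fw01 ALLOW src=198.51.100.2 dst=10.0.0.8 dport=443",
]
AUTH_LOGS = [
    "2024-05-01T10:00:06Z srv05 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:09Z srv05 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:12Z srv05 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:20Z srv05 sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T10:05:00Z srv05 sshd: Accepted password for alice from 198.51.100.2",
]

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(fw_lines, auth_lines):
    """Data aggregation: map heterogeneous source formats onto one event schema."""
    events = []
    for line in fw_lines:
        m = FW_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped; a real SIEM would count them
        ts, host, action, src, dst, dport = m.groups()
        events.append({"ts": parse_time(ts), "source": "firewall", "host": host,
                       "type": "fw_" + action.lower(), "src_ip": src,
                       "dst_ip": dst, "dport": int(dport)})
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, host, outcome, user, src = m.groups()
        events.append({"ts": parse_time(ts), "source": "auth", "host": host,
                       "type": "auth_failure" if outcome == "Failed" else "auth_success",
                       "src_ip": src, "user": user})
    events.sort(key=lambda e: e["ts"])  # correlation assumes time order
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (assumed for the example): at least `threshold` auth failures
    from one source IP within `window`, followed by a success from that IP, raise one
    alert. Firewall denies from the same IP in the window are attached as context."""
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins
    denies = defaultdict(list)     # src_ip -> timestamps of firewall denies
    alerts = []
    for e in events:
        if e["type"] == "fw_deny":
            denies[e["src_ip"]].append(e["ts"])
        elif e["type"] == "auth_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["type"] == "auth_success":
            recent_fail = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent_fail) >= threshold:
                recent_deny = [t for t in denies[e["src_ip"]] if e["ts"] - t <= window]
                alerts.append({"rule": "brute_force_then_success", "ts": e["ts"],
                               "src_ip": e["src_ip"], "user": e["user"],
                               "failures": len(recent_fail), "fw_denies": len(recent_deny)})
                failures[e["src_ip"]].clear()  # one alert per burst, not per success
    return alerts


def dashboard_summary(events):
    """Dashboard view: event counts by type and by source IP."""
    by_type, by_src = defaultdict(int), defaultdict(int)
    for e in events:
        by_type[e["type"]] += 1
        by_src[e["src_ip"]] += 1
    return dict(by_type), dict(by_src)


if __name__ == "__main__":
    evs = normalize(FIREWALL_LOGS, AUTH_LOGS)
    for alert in correlate(evs):
        print("ALERT", alert)
    print(dashboard_summary(evs))
```

The point of the cross-source lookup is that neither log on its own tells the whole story: the firewall only sees denied and allowed connections, and the SSH daemon only sees logins, but joined on source IP and time they describe one incident, which is exactly the correlation capability the list above refers to.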
SIEM- Sample Visualization for reference
Creates visualizations that let IT personnel conduct regular reviews, organize event data, identify patterns, and monitor attack history, attack types, IP origins, attack traffic, and anomalies.
— — — — — — — — — — — — — -THE END — — — — — — — — — — — —
Quote of the day:
“The early bird catches the worm” — English Proverb
Explanation: One who arrives first has the best chance for success!
Thanks for reading!
Have a pleasant day!