Features of SIEM tools
Aggregate dashboard
SIEM platforms help visualize event data from applications, databases, servers, firewalls, and other systems to help monitor, detect, and respond to threats. Threat intelligence feeds are built into some SIEM systems, while other solutions support third-party feeds.
Log management
SIEM technology collects, normalizes, and analyzes log data to gain visibility into threats and incidents. Storing long-term data enables more effective analysis, reporting, and forensic investigations.
Threat detection
SIEM can be integrated with threat-hunting and detection tools to provide improved visibility into potential threats and vulnerabilities.
Alerting
Predefined rules, aggregate threat intelligence, SIEM monitoring, and machine learning all enable SIEM solutions to filter and prioritize events, generating high-fidelity alerts for only the issues that matter most to an organization.
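The two capabilities described above, log normalization (under Log management) and rule-based alerting, can be shown end to end in a small pipeline. The following is an added example written for this page, not code from any SIEM vendor: it reads constructed sample lines from two sources (syslog-style SSH authentication messages and JSON firewall records), maps them onto one common event schema, and then evaluates two predefined rules against the normalized stream, a sliding-window brute-force rule and a match against a constructed (hypothetical) threat-intelligence indicator list. All log lines, IP addresses, field names and thresholds are assumptions chosen for illustration.

```python
"""Toy SIEM pipeline: normalize heterogeneous logs, then apply detection rules.

Added illustrative example, not vendor code. The log lines and the
threat-intelligence indicator list below are constructed sample data.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one syslog-style auth source and one JSON firewall source.
RAW_LOGS = [
    "2024-05-01T10:00:01Z sshd[812]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "2024-05-01T10:00:04Z sshd[812]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "2024-05-01T10:00:09Z sshd[812]: Failed password for admin from 203.0.113.7 port 51251 ssh2",
    "2024-05-01T10:00:15Z sshd[812]: Accepted password for alice from 198.51.100.22 port 40112 ssh2",
    '{"ts": "2024-05-01T10:02:00Z", "src": "192.0.2.55", "dst": "10.0.0.8", "action": "allow"}',
    '{"ts": "2024-05-01T10:02:30Z", "src": "198.51.100.22", "dst": "10.0.0.9", "action": "deny"}',
]

# Constructed threat-intelligence feed (hypothetical indicator, not a real IOC).
THREAT_INTEL_IPS = {"192.0.2.55"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def _parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize(line):
    """Map a raw line from either source onto a common event schema; None if unparseable."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": _parse_ts(rec["ts"]), "source": "firewall", "src": rec["src"],
                "user": None, "event": "connection", "outcome": rec["action"]}
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # unknown format: a real SIEM would route this to a parse-failure queue
    return {"ts": _parse_ts(m["ts"]), "source": "auth", "src": m["src"],
            "user": m["user"], "event": "login",
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}


def rule_brute_force(events, threshold=3, window=timedelta(minutes=1)):
    """Predefined rule: >= threshold failed logins from one source IP inside a sliding window."""
    alerts = []
    failures = defaultdict(list)
    for ev in events:  # events must be sorted by timestamp
        if ev["event"] == "login" and ev["outcome"] == "failure":
            bucket = failures[ev["src"]]
            bucket.append(ev["ts"])
            # keep only timestamps still inside the window relative to the newest event
            bucket[:] = [t for t in bucket if ev["ts"] - t <= window]
            if len(bucket) >= threshold:
                alerts.append({"rule": "brute_force", "severity": "high",
                               "src": ev["src"], "count": len(bucket)})
                bucket.clear()  # fire once per burst rather than on every further failure
    return alerts


def rule_threat_intel(events, ioc_ips):
    """Enrichment rule: any event whose source IP matches an indicator from the feed."""
    return [{"rule": "ti_match", "severity": "medium", "src": ev["src"], "event": ev["event"]}
            for ev in events if ev["src"] in ioc_ips]


def run_pipeline(raw_lines, ioc_ips=THREAT_INTEL_IPS):
    """Normalize every line, order by time, then evaluate all rules; returns the alert list."""
    events = [e for e in (normalize(line) for line in raw_lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    return rule_brute_force(events) + rule_threat_intel(events, ioc_ips)


if __name__ == "__main__":
    for alert in run_pipeline(RAW_LOGS):
        print(alert)
```

Running it on the sample data yields two alerts: one high-severity brute-force alert for 203.0.113.7 (three failures within nine seconds) and one medium-severity indicator match for 192.0.2.55. The successful login and the denied connection from 198.51.100.22 produce no alert, which is the filtering effect the section describes: rules and intelligence turn six raw events into the two that merit attention. Normalizing first is what lets one rule run over events from different sources without per-format logic.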
Incident response
Advanced analysis provided by SIEM solutions helps security professionals better interpret data, collaborate on cases, and respond to events. Full-featured SIEM solutions can be integrated with security orchestration, automation, and response (SOAR) technology to automate responses to threats.
Automation
SIEM software can be integrated with other security solutions—such as SOAR tools—to automate workflows and playbooks in response to incidents.
Compliance
SIEM products can aid regulatory security compliance by automating processes like monitoring data, maintaining data logs for auditing, and producing compliance reports.
Integration
SIEM solutions support integration with a variety of other security systems and tools. Advanced SIEM products support:
- Third-party threat intelligence feeds
- Cloud services
- SOAR tools
- User and entity behavior analytics (UEBA)