Security information and event management (SIEM) is an approach to security management that accumulates relevant data from various sources, identifies deviations from the norm and takes appropriate action. When a potential abnormality is detected, a SIEM system logs all the associated information, generates an alert and may direct other security controls to stop the activity's progress.
SIEM combines two security functions, SIM (security information management) and SEM (security event management), into one security management system. Based on legacy log collection management systems, SIM introduces long-term storage, analysis and reporting on log data. SIM also integrates logs with threat intelligence. SEM addresses identifying, collecting, monitoring and reporting security-related events in software, systems or IT infrastructure.
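The flow described in both paragraphs above, as an added sketch that is not part of the original page or any SIEM product: lines from two differently formatted sources are normalized into one schema (the SIM side), then hourly counts are compared to a baseline built from earlier hours and an alert carrying the associated raw lines is raised on a deviation (the SEM side). The log formats, field names, threshold rule and sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample input from two sources with different formats (not real logs).
SSHD_LOG = [f"2024-05-01T{h:02d}:{m:02d}:00Z sshd[411]: Failed password for root from 203.0.113.7"
            for h, n in [(9, 2), (10, 3), (11, 2), (12, 14)] for m in range(n)]
FW_LOG = [f"ts=2024-05-01T{h:02d}:15:00Z action=DENY src=203.0.113.7 dport=22"
          for h in (9, 10, 11, 12)]

SSHD_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for \S+ from (?P<src>\S+)$")
FW_RE = re.compile(r"^ts=(?P<ts>\S+) action=DENY src=(?P<src>\S+) dport=\d+$")

def normalize(line, source):
    """Map a raw line from either source onto one common event schema."""
    m = (SSHD_RE if source == "sshd" else FW_RE).match(line)
    if not m:
        return None  # unparsed lines are dropped here; a real pipeline would keep them
    return {"hour": m["ts"][:13], "source": source, "src_ip": m["src"], "raw": line}

def detect(events, k=3.0, min_history=3):
    """Flag hours whose event count exceeds mean + k*stddev of the earlier hours."""
    by_hour = defaultdict(list)
    for e in events:
        by_hour[e["hour"]].append(e)
    alerts, history = [], []
    for hour in sorted(by_hour):
        count = len(by_hour[hour])
        if len(history) >= min_history:
            threshold = mean(history) + k * max(pstdev(history), 1.0)  # floor avoids a zero-width band
            if count > threshold:
                alerts.append({"hour": hour, "count": count, "threshold": round(threshold, 2),
                               "sources": sorted({e["source"] for e in by_hour[hour]}),
                               "evidence": [e["raw"] for e in by_hour[hour]]})
                continue  # keep the anomalous hour out of the baseline
        history.append(count)
    return alerts

def run():
    """Collect from both sources, normalize, and correlate."""
    events = [e for src, lines in (("sshd", SSHD_LOG), ("firewall", FW_LOG))
              for e in (normalize(l, src) for l in lines) if e]
    return events, detect(events)

if __name__ == "__main__":
    for a in run()[1]:
        print(f"ALERT {a['hour']}: {a['count']} events > {a['threshold']} from {a['sources']}")
```

The alert keeps the raw lines from every contributing source, which is what lets an analyst or a downstream control act on it without re-querying each system.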