SIEM solutions can serve many roles for security organizations: as a system of record for compliance, audit, forensics data and general reporting, or as a platform for monitoring relevant security alerts and data, providing a single source of truth for real-time, prioritized alerts across an organization.
The current class of SIEM solutions uses a variety of analysis techniques, including correlation, statistical deviation and machine learning, to identify threats and other events of interest. They should allow the enterprise to turn raw alert data into actionable intelligence, using whichever analysis method works best for the monitoring objective.