Introduction

SIEM tools detect and block security threats with real-time analysis. They collect data from a range of sources, identify activity that deviates from the norm, and take action.

SIEM tools powered by machine learning are capable of learning over time what represents normal behaviour and what is a true deviation, improving their accuracy. This is especially important, given that technology, attack vectors and hacker sophistication evolve faster than ever.

• ELK Stack

• Splunk