Event Management Security

A Security Event Management system is a computerized tool used on enterprise data networks to centralize the storage and interpretation of logs, or events, generated by other software running on the network.

Many Security Event Management systems and applications that run on a computer network generate events, which are kept in event logs. These logs are essentially lists of events, with records of new events appended to the end of the logs as they occur.

It is beneficial to send all events to a centralized Security Event Management system for the following reasons:
- Access to all logs can be provided through a consistent central interface
- The Security Event Management can provide secure, forensically sound storage and archival of event logs
- Powerful reporting tools can be run on the Security Event Management to mine the logs for useful information
- Events can be parsed for significance as they arrive at the Security Event Management, and alerts and notifications can be sent immediately to interested parties as warranted
- Related events that occur on multiple systems can be detected, which would be impossible if each system kept a separate log
- Events that are sent from a system to a Security Event Management remain on the Security Event Management even if the sending system fails or the logs on it are accidentally or intentionally erased
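
The cross-system point in the list above, as an added example that is not part of the original page: each host sees too few failed logins to alert on its own, while the central view links them by source address. The log format, hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events as a central collector would receive them (illustrative hosts/IPs).
SAMPLE_EVENTS = """\
2024-05-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:03 db01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:05 web01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09 mail01 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:12 db01 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:20 web01 sshd: Accepted password for alice from 198.51.100.4
2024-05-01T10:00:31 mail01 sshd: Failed password for test from 203.0.113.7
2024-05-01T10:07:00 web01 sshd: Failed password for bob from 198.51.100.9
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: Failed password for \S+ from (\S+)$")

def parse_failures(lines):
    """Yield (timestamp, host, source) for each failed-login line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3]

def per_host_alerts(lines, threshold=3):
    """What each host would flag alone: (host, source) pairs with >= threshold failures."""
    counts = defaultdict(int)
    for _, host, src in parse_failures(lines):
        counts[(host, src)] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def correlated_alerts(lines, window=timedelta(minutes=5), min_hosts=3):
    """Central view: sources failing logins on >= min_hosts hosts inside one window."""
    by_src = defaultdict(list)
    for ts, host, src in sorted(parse_failures(lines)):
        by_src[src].append((ts, host))
    alerts = {}
    for src, events in by_src.items():
        for i, (start, _) in enumerate(events):
            hosts = {h for ts, h in events[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    print(per_host_alerts(SAMPLE_EVENTS), correlated_alerts(SAMPLE_EVENTS))
```
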
 