What is a SIEM
Security information and event management, or SIEM for short, is a platform that lets you search through all the log data that comes from your company's hosts. This data lets you see what is happening in real time, which can sometimes allow you to stop an adversary before they steal data or establish persistence on the host.
This is done by using rules that sort through the logs and organise the information so that it can be read by an analyst. Once the SIEM detects a threat, be it hands-on activity like lateral movement or malware, it creates a signal that shows up on your SOC's dashboard for investigation.
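To make the "rules sort through logs and raise a signal" idea concrete, here is a small added example of a toy SIEM rule engine in Python. It is not code from the original article or from any SIEM product; the log lines are constructed, the key=value format is an assumption for the sake of the example, and the two rules (one for lateral movement, one for password guessing) and their thresholds are illustrative choices, not a vendor's rule set. The Windows event IDs 4624, 4625 and 4688 are real, but everything else in the sample data is made up.

```python
"""Toy SIEM rule engine: parse log lines, apply detection rules, emit signals.

Added example, not part of the original article or any real SIEM product.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines in an assumed "key=value key=value" format.
# Event IDs follow Windows Security log numbering (4624 logon success,
# 4625 logon failure, 4688 process creation); hosts and users are invented.
SAMPLE_LOGS = [
    "ts=2024-05-01T09:00:01 host=WS01 event=4624 logon_type=2 user=alice src=WS01",
    "ts=2024-05-01T09:05:10 host=SRV01 event=4624 logon_type=3 user=alice src=10.0.0.5",
    "ts=2024-05-01T09:05:12 host=SRV02 event=4624 logon_type=3 user=alice src=10.0.0.5",
    "ts=2024-05-01T09:05:15 host=SRV03 event=4624 logon_type=3 user=alice src=10.0.0.5",
    "ts=2024-05-01T09:05:18 host=SRV04 event=4624 logon_type=3 user=alice src=10.0.0.5",
    "ts=2024-05-01T09:10:00 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:10:01 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:10:02 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:10:03 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:10:04 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:10:05 host=WS02 event=4625 logon_type=3 user=bob src=10.0.0.9",
    "ts=2024-05-01T09:12:00 host=WS03 event=4688 process=C:\\Windows\\System32\\notepad.exe user=carol",
]


def parse_line(line: str) -> dict:
    """Turn 'key=value key=value ...' into a dict; tokens without '=' are skipped."""
    event = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            event[key] = value
    return event


@dataclass
class Signal:
    """What the SIEM would push to the SOC dashboard for an analyst to triage."""
    rule: str
    severity: str
    summary: str
    evidence: list = field(default_factory=list)


def rule_lateral_movement(events, min_hosts=3):
    """One account, from one source address, succeeding with network logons
    (logon_type 3) onto several different hosts. Interactive logons (type 2)
    on the user's own workstation are ignored."""
    targets = defaultdict(set)
    for e in events:
        if e.get("event") == "4624" and e.get("logon_type") == "3":
            targets[(e.get("user", "?"), e.get("src", "?"))].add(e.get("host", "?"))
    signals = []
    for (user, src), hosts in targets.items():
        if len(hosts) >= min_hosts:
            signals.append(Signal(
                rule="lateral-movement", severity="high",
                summary=f"{user} from {src} logged on to {len(hosts)} hosts",
                evidence=sorted(hosts),
            ))
    return signals


def rule_password_guessing(events, threshold=5):
    """Repeated failed logons for the same account on the same host from the
    same source. A production rule would count inside a sliding time window;
    this toy counts over the whole batch."""
    failures = defaultdict(int)
    for e in events:
        if e.get("event") == "4625":
            failures[(e.get("user", "?"), e.get("host", "?"), e.get("src", "?"))] += 1
    signals = []
    for (user, host, src), n in failures.items():
        if n >= threshold:
            signals.append(Signal(
                rule="password-guessing", severity="medium",
                summary=f"{n} failed logons for {user} on {host} from {src}",
                evidence=[f"count={n}"],
            ))
    return signals


RULES = [rule_lateral_movement, rule_password_guessing]


def run_rules(log_lines, rules=RULES):
    """Parse every line once, then let each rule scan the parsed events."""
    events = [parse_line(line) for line in log_lines]
    signals = []
    for rule in rules:
        signals.extend(rule(events))
    return signals


if __name__ == "__main__":
    for s in run_rules(SAMPLE_LOGS):
        print(f"[{s.severity.upper()}] {s.rule}: {s.summary} evidence={s.evidence}")
```

Running it against the constructed batch raises two signals: a high-severity lateral-movement signal for alice's network logons to four servers, and a medium-severity password-guessing signal for the six failures against bob's account. The notepad process-creation event matches no rule and stays in the searchable log store, which is the normal outcome for most events a SIEM ingests; rules exist to lift the few that matter onto the dashboard.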