Reference document

Security Information and Event Management Services
The Security Information and Event Management (SIEM) Services combine support of security information management and security event management to provide real-time analysis of security alerts generated by service assets (e.g. user applications, IT Services and communications equipment), to identify security threats, detect and prevent breaches, and provide forensic analysis. SIEM Services also support logging and analysis of security data and generation of reports for compliance purposes.

The likely sources of logs that SIEM Services ingest include:

* Intrusion detection systems/intrusion prevention systems (IDS/IPS)
* Data Loss Prevention (DLP) systems
* Anti-virus and other endpoint security software
* Firewalls
* Unified Threat Management (UTM) systems
* VPN concentrators
* Web filters
* Honeypot or deception systems
* Routers and switches
* Domain controllers
* Wireless access points
* Application servers, intranet applications and databases

The SIEM Services also provide functionality to periodically and systematically review the application of CIS security during operations by collecting information related to policy compliance and risk management in order to gather evidence of undesirable behaviors and effects. With this, the services support the presentation of findings to the appropriate authorities for the purpose of accountability.
CIS Functional Services