NITRO DEFINITION

Security Information and Event Management (SIEM) is a technology that provides real-time analysis of security alerts generated by network and security devices. It combines two older product areas:
    - The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as security event management (SEM).
    - The second area, which provides long-term storage as well as analysis and reporting of log data, is known as security information management (SIM).

- Events: An event is an activity recorded by a device.
- Flows: A flow is a record of connection made between IPs.
- Logs: A log is the record a device writes of an event that occurred on it (a login attempt, a dropped packet, a configuration change).
- Parsing: Parsing splits a raw log line into its constituent words and fields (timestamp, host, source address, user, outcome) so that the relationship and meaning of each part can be understood by the SIEM.
- Aggregation: An event or flow can potentially be generated thousands of times. Instead of forcing you to sift through thousands of identical events, aggregation allows you to view them as a single event or flow with a count that indicates the number of times it occurred.
- Normalization: Normalization is the process of re-organizing parsed data from many different devices and vendors into one common schema, so that it meets two basic requirements,
  • Each piece of information has one representation (a source address is stored in the same field with the same name, whatever the originating device called it)
  • Related data items are stored together in a single event record (time, source, destination, user, event type, outcome)
    The use of normalization is to let one set of aggregation, correlation and reporting rules work across every device, rather than one rule per log format.
- Correlation: Correlation looks for common attributes and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques that integrate different sources in order to turn raw data into useful information, for example tying several failed logins and a later success from the same source address into a single brute-force finding.
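The four stages defined above (parsing, normalization, aggregation, correlation) chained together on a handful of constructed log lines. This is an added example, not code from the original notes or from any SIEM product; the two device formats, the common field names, the rule name and the failure threshold are assumptions chosen for illustration.

```python
"""Added example (not from the original notes): a minimal event pipeline that
walks constructed log lines through parsing, normalization, aggregation and
correlation. Device formats, field names and thresholds are assumptions."""
import re
from collections import Counter, defaultdict

# Constructed sample logs from two devices with different native formats
# (an sshd host and a netfilter-style firewall). Addresses are documentation ranges.
RAW_LOGS = [
    "Jan 10 10:00:01 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 50001 ssh2",
    "Jan 10 10:00:02 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 50002 ssh2",
    "Jan 10 10:00:03 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 50003 ssh2",
    "Jan 10 10:00:04 host1 sshd[1234]: Accepted password for root from 203.0.113.5 port 50004 ssh2",
    "Jan 10 10:00:05 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=445",
    "Jan 10 10:00:06 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=445",
    "Jan 10 10:00:07 host2 sshd[777]: Failed password for admin from 192.0.2.9 port 40000 ssh2",
]

SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) .*"
                   r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)")


def parse_and_normalize(line):
    """Parsing: split the raw line into fields. Normalization: map each device's
    own field names onto one common schema (event_type, src_ip, dst_ip, user, ...)
    so that later stages never need to know which device produced the event."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": m["ts"], "host": m["host"], "src_ip": m["src"], "dst_ip": None,
                "user": m["user"],
                "event_type": "auth_failure" if m["result"] == "Failed" else "auth_success"}
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "host": m["host"], "src_ip": m["src"], "dst_ip": m["dst"],
                "user": None,
                "event_type": "fw_drop" if m["action"] == "DROP" else "fw_accept"}
    return None  # unparsed lines should be counted and reviewed, never silently lost


def aggregate(events):
    """Aggregation: collapse repeated identical events (same type/host/src/dst/user)
    into one record with a count, so the analyst sees 'fw_drop x2' rather than two rows."""
    def key(e):
        return (e["event_type"], e["host"], e["src_ip"], e["dst_ip"], e["user"])
    return dict(Counter(key(e) for e in events))


def correlate(events, threshold=3):
    """Correlation: link events that share an attribute (src_ip) across time into one
    finding. Rule (assumed, illustrative): at least `threshold` auth failures from one
    source followed by an auth success from the same source => likely brute force."""
    failures = defaultdict(int)
    alerts = []
    for e in events:  # events are processed in arrival order
        if e["event_type"] == "auth_failure":
            failures[e["src_ip"]] += 1
        elif e["event_type"] == "auth_success" and failures[e["src_ip"]] >= threshold:
            alerts.append({"rule": "ssh_bruteforce_success", "src_ip": e["src_ip"],
                           "user": e["user"], "failures_before_success": failures[e["src_ip"]]})
    return alerts


def run_pipeline(lines=RAW_LOGS):
    """Run all stages and return (normalized events, aggregated counts, alerts)."""
    events = [e for e in (parse_and_normalize(ln) for ln in lines) if e]
    return events, aggregate(events), correlate(events)


if __name__ == "__main__":
    events, agg, alerts = run_pipeline()
    for k, c in agg.items():
        print(f"{c:>3}x {k}")
    print("alerts:", alerts)
```

Note that the correlation rule only fires because the events were normalized first: the sshd parser and the firewall parser both emit `src_ip`, so a single rule keyed on that field works across both sources, which is exactly the point of the normalization stage.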