- The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as security event management (SEM).
- The second area, which provides long-term storage as well as analysis and reporting of log data, is known as security information management (SIM). A SIEM combines both.
- Events: An event is a single activity recorded by a device or application (a login, a denied connection, a process start).
- Flows: A flow is a record of a network connection between two IP addresses (typically with ports, protocol, byte and packet counts and start/end times), as exported by NetFlow/IPFIX or sFlow, rather than a message written by the endpoint itself.
- Logs: A log is the record a device writes of the events that occurred on it; one log normally contains many events.
- Parsing: Parsing splits a raw log line into its component fields (timestamp, host, user, source address, action) so that the relationship and meaning of those parts can be understood and used.
- Aggregation: An event or flow can potentially be generated thousands of times. Instead of forcing you to sift through thousands of identical events, aggregation allows you to view them as a single event or flow with a count that indicates the number of times it occurred.
- Normalization: In a SIEM, normalization maps the fields parsed out of each vendor's log format onto one common schema, so that events from different devices can be compared, aggregated and correlated. It is not the database normalization of the same name (removing redundancy and keeping related data together); it meets two basic requirements,
- Each attribute has one field name regardless of source (the source address is one field whether the device calls it src, client or from)
- Each attribute has one representation (timestamps in one time zone and format, addresses and usernames in a consistent form)
- Correlation: Correlation looks for common attributes (the same source address, user or host) and links events together into meaningful bundles. This technology provides the ability to apply a variety of correlation techniques across different sources in order to turn data into useful information, for example joining several failed logins with a later successful one from the same address.
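The terms above are the stages of one pipeline. As an added example that is not part of the original page, the following Python script runs constructed sample lines from two sources (an sshd syslog source and a hypothetical firewall CSV export; both line formats, the common schema, the field names and the brute-force rule are assumptions for illustration) through parsing, normalization to a common schema, aggregation with counts, and a correlation rule that links repeated authentication failures to a later success from the same address.

```python
import re
from collections import OrderedDict
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real captured logs): one sshd syslog source and one
# hypothetical firewall exporting CSV (date,time,action,src,dst,dport), both in UTC.
RAW_LOGS = [
    "2024-03-01T10:00:01Z host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 50211 ssh2",
    "2024-03-01T10:00:02Z host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 50212 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 50213 ssh2",
    "2024-03-01T10:00:09Z host1 sshd[1201]: Accepted password for alice from 203.0.113.7 port 50220 ssh2",
    "2024-03-01,10:00:05,DENY,198.51.100.9,10.0.0.5,445",
    "2024-03-01,10:00:06,DENY,198.51.100.9,10.0.0.5,445",
    "2024-03-01,10:00:07,DENY,198.51.100.9,10.0.0.6,445",
    "this line matches neither format and must not be silently dropped",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_sshd(line):
    """Parsing: split a raw sshd syslog line into named, vendor-specific fields."""
    m = SSHD_RE.match(line)
    return m.groupdict() if m else None

def parse_fw_csv(line):
    """Parsing: split a line of the hypothetical firewall CSV into its six columns."""
    parts = line.split(",")
    if len(parts) != 6:
        return None
    return dict(zip(("date", "time", "action", "src", "dst", "dport"), parts))

# Common schema (an assumption for this example) every normalized event uses.
SCHEMA = ("device", "category", "outcome", "src_ip", "dst", "user", "dst_port")

def normalize(raw, source):
    """Normalization: map vendor field names and formats onto the common schema."""
    if source == "sshd":
        ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ")
        fields = ("sshd", "auth", "failure" if raw["result"] == "Failed" else "success",
                  raw["ip"], raw["host"], raw["user"], 22)
    elif source == "firewall":
        ts = datetime.strptime(raw["date"] + "T" + raw["time"], "%Y-%m-%dT%H:%M:%S")
        fields = ("firewall", "network", "blocked" if raw["action"] == "DENY" else "allowed",
                  raw["src"], raw["dst"], None, int(raw["dport"]))
    else:
        raise ValueError(f"unknown source {source!r}")
    event = dict(zip(SCHEMA, fields))
    event["ts"] = ts.replace(tzinfo=timezone.utc)  # one timestamp format: tz-aware UTC
    return event

def aggregate(events):
    """Aggregation: collapse events identical apart from timestamp (and ephemeral ports)."""
    buckets = OrderedDict()
    for e in events:
        key = tuple(e[k] for k in SCHEMA)
        b = buckets.get(key)
        if b is None:
            b = {k: e[k] for k in SCHEMA}
            b.update(count=0, first_seen=e["ts"], last_seen=e["ts"])
            buckets[key] = b
        b["count"] += 1
        b["first_seen"] = min(b["first_seen"], e["ts"])
        b["last_seen"] = max(b["last_seen"], e["ts"])
    return list(buckets.values())

def correlate_brute_force(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation: a successful auth preceded by >= threshold failures for the same
    user from the same source inside the window becomes one alert."""
    auth = [e for e in events if e["category"] == "auth"]
    alerts = []
    for succ in (e for e in auth if e["outcome"] == "success"):
        failures = [f for f in auth
                    if f["outcome"] == "failure"
                    and f["src_ip"] == succ["src_ip"] and f["user"] == succ["user"]
                    and succ["ts"] - window <= f["ts"] < succ["ts"]]
        if len(failures) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": succ["src_ip"],
                           "user": succ["user"], "failures": len(failures),
                           "success_at": succ["ts"]})
    return alerts

def run_pipeline(lines):
    """Parse -> normalize -> aggregate -> correlate; unparsed lines are returned, not lost."""
    events, unparsed = [], []
    for line in lines:
        raw = parse_sshd(line)
        if raw is not None:
            events.append(normalize(raw, "sshd"))
            continue
        raw = parse_fw_csv(line)
        if raw is not None:
            events.append(normalize(raw, "firewall"))
            continue
        unparsed.append(line)  # parser gap: surface it so log coverage can be fixed
    return events, aggregate(events), correlate_brute_force(events), unparsed

if __name__ == "__main__":
    events, summary, alerts, unparsed = run_pipeline(RAW_LOGS)
    for b in summary:
        print(f"{b['count']:>3} x {b['device']} {b['outcome']} src={b['src_ip']} dst={b['dst']} user={b['user']}")
    for a in alerts:
        print("ALERT", a)
    print("unparsed lines:", len(unparsed))
```

Three practitioner points are built in: the aggregation key deliberately excludes the timestamp and the client's ephemeral port, otherwise the three failed logins would never collapse into one record with a count; the correlation rule only works because both the failures and the success were normalized to the same `src_ip` and `user` fields; and lines no parser recognises are returned rather than discarded, since a silently dropped log source is a detection gap.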