
SIEM

Also known as: Security Information and Event Management
SOC 2 · ISO 27001 · PCI DSS · HIPAA

Platform aggregating, correlating, and alerting on security log data across an environment.

SIEM platforms (Splunk, Microsoft Sentinel, Sumo Logic, Panther, Google Chronicle) ingest log and telemetry data from across an environment, normalise it into a common event schema, correlate events across sources and time, run detection rules over the result, and alert on suspected security incidents. Modern stacks pair SIEM with SOAR (automated triage and response playbooks driven by SIEM alerts) and XDR (endpoint, network and cloud telemetry with its own detections, fed into the SIEM).

Why it matters
"No evidence of log review" is a recurring SOC 2 CC7 exception. An untuned SIEM that fires 10K alerts a day that nobody triages is functionally worse than no SIEM at all: the real signals are buried in noise, and the alert queue becomes evidence that monitoring was not performed rather than evidence that it was.
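The pipeline described above (ingest, normalise, correlate, alert) and the tuning point in "Why it matters", as an added example that is not code from the page or from any vendor named on it. It normalises two constructed log sources (an sshd syslog stream and a JSON console-login stream, both made up for illustration) into one schema, then runs a single cross-source correlation rule: five or more authentication failures from one source IP within ten minutes followed by a success from that IP. The rule suppresses repeat alerts per IP per window so one noisy host cannot flood the queue. Field names, thresholds and the schema are assumptions, not any product's format.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not real logs): an sshd syslog stream from a
# bastion host and a JSON console-login stream, two sources a SIEM would ingest.
SSHD_LINES = [
    "2024-05-01T10:00:01Z bastion sshd[412]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
    "2024-05-01T10:00:04Z bastion sshd[413]: Failed password for root from 203.0.113.9 port 51023 ssh2",
    "2024-05-01T10:00:09Z bastion sshd[414]: Failed password for alice from 203.0.113.9 port 51024 ssh2",
    "2024-05-01T10:01:30Z bastion sshd[420]: Failed password for bob from 198.51.100.7 port 40211 ssh2",
    "2024-05-01T10:01:41Z bastion sshd[421]: Accepted password for bob from 198.51.100.7 port 40212 ssh2",
]
CLOUD_LINES = [
    '{"time":"2024-05-01T10:02:10Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}',
    '{"time":"2024-05-01T10:02:25Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}',
    '{"time":"2024-05-01T10:03:02Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Success"}}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<verb>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalise_sshd(line):
    """Map one sshd syslog line onto the common auth schema (None if not an auth event)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": _ts(m["ts"]), "source": "sshd", "host": m["host"], "user": m["user"],
            "src_ip": m["src"], "outcome": "success" if m["verb"] == "Accepted" else "failure"}


def normalise_cloud(line):
    """Map one JSON console-login record onto the same schema."""
    e = json.loads(line)
    if e.get("eventName") != "ConsoleLogin":
        return None
    return {"ts": _ts(e["time"]), "source": "cloud", "host": "console",
            "user": e["userIdentity"]["userName"], "src_ip": e["sourceIPAddress"],
            "outcome": e["responseElements"]["ConsoleLogin"].lower()}


def ingest(sshd_lines, cloud_lines):
    """Normalise both sources and return one time-ordered event stream."""
    events = [normalise_sshd(l) for l in sshd_lines] + [normalise_cloud(l) for l in cloud_lines]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def detect_password_spray_success(events, window=timedelta(minutes=10), min_failures=5):
    """Rule (assumed thresholds): >= min_failures auth failures from one source IP,
    across any user and any log source, within `window`, followed by a success
    from that IP. At most one alert per IP per window, so a noisy IP cannot
    flood the queue."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failures
    alerted_until = {}             # src_ip -> suppression deadline
    alerts = []
    for e in events:
        ip, now = e["src_ip"], e["ts"]
        failures[ip] = [t for t in failures[ip] if now - t <= window]  # drop stale failures
        if e["outcome"] == "failure":
            failures[ip].append(now)
        elif e["outcome"] == "success" and len(failures[ip]) >= min_failures:
            if ip in alerted_until and now < alerted_until[ip]:
                continue           # already alerted on this IP inside the window
            alerted_until[ip] = now + window
            alerts.append({"rule": "password_spray_then_success", "src_ip": ip,
                           "user": e["user"], "via": e["source"],
                           "failures_in_window": len(failures[ip]), "ts": now})
    return alerts


if __name__ == "__main__":
    for a in detect_password_spray_success(ingest(SSHD_LINES, CLOUD_LINES)):
        print(json.dumps(a, default=str))
```

Run as-is it emits one alert for 203.0.113.9: three sshd failures plus two console failures cross the threshold, and the console success that follows is what makes it worth a page rather than a ticket. The mistyped password from 198.51.100.7 produces nothing, which is the tuning point: a rule that alerted on every failure would be the 10K-a-day queue described above.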

Related terms

Audit Logging
Tamper-resistant recording of security-relevant events for monitoring, investigation, and evidence.
Incident Response (IR)
Documented, tested process for detecting, containing, eradicating, and recovering from security incidents.
