Security incident and event management (SIEM) consists of infrastructure that includes software and hardware configured to provide real-time detection and alerting of security-related incidents on a network through collection of information and events. An example SIEM is RSA enVision™, a product of EMC Corp. of Hopkinton, Mass.
Enterprises implement SIEM in order to manage events such as requests for access to resources on their network. Conventional SIEM implementation approaches involve a SIEM vendor or user installing SIEM infrastructure for an enterprise client in order to provide information security to the client. For example, a SIEM user may generate basic reports and alerts as solutions to information security problems; the user may then treat the solutions as a turnkey software application.