A security incident and event management (SIEM) system consists of infrastructure that includes software and/or hardware configured to provide detection and alerting of incidents on a network. A system which operates in a manner similar to this is enVision™, a product of EMC Corp. of Hopkinton, Mass.
Some SIEM systems label devices on a network as being either a client or a server. A conventional approach to distinguishing between clients and servers in a SIEM system involves using a manually labeled list of servers and clients. Along these lines, an administrator compiles such a list from knowledge of the devices on the network.