The invention is directed to the field of security in data processing systems.
It is known to deploy security information and event management (SIEM) systems to facilitate security-related operations in data processing systems, especially in large systems such as an organization's data center. The SIEM system collects security-related data from the data processing system, such as event-log records describing detected activities that may have security implications, and assists security-focused personnel in carrying out security procedures. These procedures may include real-time monitoring of the system to detect and neutralize attacks or threats; mining historical data for auditing or forensic purposes; and analyzing the data processing system for security vulnerabilities in order to improve its security. As the collection point for security-related data, a SIEM system typically includes a database in which that data is stored in a normalized form, together with software tools that users employ to query and analyze it.
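The collect-store-analyze cycle described above, as an added illustration that is not part of the patent and not the claimed invention: constructed syslog-like authentication events are parsed into a normalized table (an in-memory sqlite database stands in for the SIEM store), a real-time style rule flags a source that produces repeated failed logins followed by a success, and a forensic query pulls one user's history. The line format, field names, thresholds and IP addresses are assumptions chosen for the example.

```python
"""Minimal SIEM-style pipeline: normalize event logs, store them, run a detection rule
and a forensic query. Added example, not code from the patent; all sample data is constructed."""
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed sample event-log lines in an assumed syslog-like format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host1 sshd: Failed password for root from 203.0.113.5 port 4021
2024-03-01T10:00:04Z host1 sshd: Failed password for root from 203.0.113.5 port 4022
2024-03-01T10:00:07Z host1 sshd: Failed password for admin from 203.0.113.5 port 4023
2024-03-01T10:00:09Z host1 sshd: Failed password for root from 203.0.113.5 port 4024
2024-03-01T10:00:12Z host1 sshd: Failed password for root from 203.0.113.5 port 4025
2024-03-01T10:00:30Z host1 sshd: Accepted password for root from 203.0.113.5 port 4026
2024-03-01T10:05:00Z host2 sshd: Failed password for alice from 198.51.100.7 port 5100
2024-03-01T11:00:00Z host2 sshd: Accepted publickey for alice from 198.51.100.7 port 5101
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+): "
    r"(?P<outcome>Failed|Accepted) (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)$"
)


def parse_line(line):
    """Normalize one raw log line into a dict of fields; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def build_store(log_text):
    """Collection step: parse every line and load the records into the SIEM database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (ts TEXT, host TEXT, proc TEXT, outcome TEXT, "
        "method TEXT, user TEXT, src TEXT, port INTEGER)"
    )
    rows = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    conn.executemany(
        "INSERT INTO events VALUES (:ts, :host, :proc, :outcome, :method, :user, :src, :port)",
        rows,
    )
    conn.commit()
    return conn


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_bruteforce(conn, threshold=5, window=timedelta(seconds=60)):
    """Monitoring step: flag a source with `threshold` failed logins inside `window`,
    and record whether any later successful login came from the same source."""
    alerts = []
    for (src,) in conn.execute("SELECT DISTINCT src FROM events"):
        fails = [row[0] for row in conn.execute(
            "SELECT ts FROM events WHERE src = ? AND outcome = 'Failed' ORDER BY ts", (src,))]
        for i in range(len(fails) - threshold + 1):
            first, last = fails[i], fails[i + threshold - 1]
            if _ts(last) - _ts(first) <= window:
                # Timestamps share one fixed format, so string comparison orders them correctly.
                success = conn.execute(
                    "SELECT user FROM events WHERE src = ? AND outcome = 'Accepted' "
                    "AND ts > ? ORDER BY ts LIMIT 1", (src, last)).fetchone()
                alerts.append({
                    "src": src,
                    "window_start": first,
                    "window_end": last,
                    "compromised_user": success[0] if success else None,
                })
                break  # one alert per source is enough for this illustration
    return alerts


def history_for_user(conn, user):
    """Forensic step: every authentication event recorded for one user, in time order."""
    return conn.execute(
        "SELECT ts, host, outcome, src FROM events WHERE user = ? ORDER BY ts", (user,)
    ).fetchall()


if __name__ == "__main__":
    store = build_store(SAMPLE_LOG)
    for alert in detect_bruteforce(store):
        print("ALERT", alert)
    for row in history_for_user(store, "alice"):
        print("alice", row)
```

The same table serves both uses the text distinguishes: the detection rule scans it as new records arrive, and the forensic query is a plain historical lookup over it. A real SIEM would index by time and source and stream records in rather than loading a string, but the separation of normalization, storage and analysis is the point.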