- COMP.SEC.100
- 9. Security Operations & Incident Management
Plan: security information and event management (advanced)
Security information and event management (SIEM) forms the core of the plan function (cf. the MAPE-K loop) and of the transformation of events into alerts (left part of the figure of analysis). A SIEM platform should be regarded as a decision-support system: as such it encompasses both the analyse and the plan functions, and the quality of any response it proposes is bounded by the quality of the alerts it produces.
From the planning perspective, a SIEM platform defines a set of actions that can be carried out to prevent an attack or to mitigate its effects. To support planning, the platform collects and correlates information originating from the different IDPS sensors deployed in the ICT environment, normalising it into a common schema so that events from heterogeneous sensors can be compared. It also processes the resulting alerts to reduce their number, by aggregating repeated alerts and suppressing those known to be unnecessary, and to enrich the remaining ones with contextual information, such as the identity, owner and criticality of the affected asset. Reduction must not be so aggressive that a low-severity alert repeated many times, or one that only becomes significant in combination with another sensor's output, is discarded before correlation has a chance to see it.
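The following is an added example, not part of the course material, that walks the steps just described through code: alerts from two constructed IDPS sensors with different formats are normalised into one schema, repeats are aggregated to cut volume without losing the repeat count, each alert is enriched from an asset inventory, a cross-sensor correlation rule turns a brute-force alert followed by a successful login into a single finding, and a playbook maps that finding to candidate response actions (the plan step). The sensor formats, the asset table, the correlation window and the playbook are all assumptions made for the example.

```python
# Added example: toy SIEM alert pipeline (normalise, aggregate, enrich, correlate, plan).
# Sensor formats, asset data, windows and the playbook are assumptions constructed for this example.
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed raw alerts from two sensors that use different field names.
RAW_EVENTS = [
    {"sensor": "nids-1", "ts": "2024-05-01T10:00:00", "sig": "SSH brute force", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"sensor": "nids-1", "ts": "2024-05-01T10:00:05", "sig": "SSH brute force", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"sensor": "nids-1", "ts": "2024-05-01T10:00:09", "sig": "SSH brute force", "src": "203.0.113.7", "dst": "10.0.0.5"},
    {"sensor": "hids-5", "ts": "2024-05-01T10:01:30", "rule": "successful ssh login", "source_ip": "203.0.113.7", "host": "10.0.0.5"},
    {"sensor": "nids-1", "ts": "2024-05-01T10:02:00", "sig": "SSH brute force", "src": "198.51.100.9", "dst": "10.0.0.9"},
    {"sensor": "nids-1", "ts": "2024-05-01T11:30:00", "sig": "SSH brute force", "src": "203.0.113.7", "dst": "10.0.0.5"},  # outside window
]

# Constructed asset inventory: the contextual information used for enrichment.
ASSETS = {
    "10.0.0.5": {"name": "db-prod-01", "criticality": "high", "owner": "dba-team"},
    "10.0.0.9": {"name": "test-vm-3", "criticality": "low", "owner": "qa-team"},
}

# Hypothetical playbook: the set of actions the plan step can choose from.
PLAYBOOK = {
    "brute-force-then-success": [
        "block {src} at the perimeter firewall",
        "isolate {asset} ({dst}) from the network",
        "force a credential reset on {asset}",
        "notify {owner}",
    ],
}

@dataclass
class Alert:
    ts: datetime
    sensor: str
    name: str
    src: str
    dst: str
    count: int = 1                                  # how many raw alerts this one stands for
    context: dict = field(default_factory=dict)     # filled in by enrich()

def normalise(raw):
    """Map each sensor's field names onto the common Alert schema."""
    ts = datetime.fromisoformat(raw["ts"])
    if raw["sensor"].startswith("nids"):
        return Alert(ts, raw["sensor"], raw["sig"], raw["src"], raw["dst"])
    return Alert(ts, raw["sensor"], raw["rule"], raw["source_ip"], raw["host"])

def aggregate(alerts, window=timedelta(minutes=5)):
    """Collapse repeats of the same (name, src, dst) seen within `window` of the first
    occurrence into one alert carrying a count: fewer alerts, no lost information."""
    out = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for b in out:
            if (b.name, b.src, b.dst) == (a.name, a.src, a.dst) and a.ts - b.ts <= window:
                b.count += 1
                break
        else:
            out.append(a)
    return out

def enrich(alerts, assets):
    """Attach asset context for the destination host; unknown hosts are flagged, not dropped."""
    unknown = {"name": "unknown", "criticality": "unknown", "owner": "unassigned"}
    for a in alerts:
        a.context = dict(assets.get(a.dst, unknown))
    return alerts

def correlate(alerts, window=timedelta(minutes=5)):
    """Cross-sensor rule: a brute-force alert followed within `window` by a successful
    login from the same source to the same host becomes one higher-level finding."""
    by_pair = defaultdict(list)
    for a in alerts:
        by_pair[(a.src, a.dst)].append(a)
    findings = []
    for (src, dst), group in by_pair.items():
        brute = [a for a in group if a.name == "SSH brute force"]
        logins = [a for a in group if a.name == "successful ssh login"]
        for login in logins:
            if any(timedelta(0) <= login.ts - b.ts <= window for b in brute):
                ctx = login.context
                findings.append({
                    "rule": "brute-force-then-success", "src": src, "dst": dst,
                    "asset": ctx["name"], "owner": ctx["owner"],
                    "severity": "critical" if ctx["criticality"] == "high" else "high",
                })
    return findings

def plan(findings):
    """Plan step: select candidate response actions for each finding from the playbook."""
    return [step.format(**f) for f in findings for step in PLAYBOOK.get(f["rule"], [])]

def run_pipeline(raw_events, assets):
    alerts = enrich(aggregate([normalise(e) for e in raw_events]), assets)
    findings = correlate(alerts)
    return {"alerts": alerts, "findings": findings, "actions": plan(findings)}

if __name__ == "__main__":
    result = run_pipeline(RAW_EVENTS, ASSETS)
    print(f"{len(RAW_EVENTS)} raw alerts -> {len(result['alerts'])} after aggregation")
    for f in result["findings"]:
        print("finding:", f)
    for act in result["actions"]:
        print("action:", act)
```

On the constructed input the six raw alerts become four after aggregation (the three brute-force alerts within five minutes fold into one with `count == 3`; the one at 11:30 falls outside the window and stays separate), the brute-force alert and the HIDS login alert together yield one finding whose severity is raised to critical because the target is a high-criticality asset, and the playbook turns that finding into four candidate actions. Note that aggregation keeps the count and correlation runs on the aggregated alerts, so reducing volume does not hide the pattern the rule needs.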