---
type: "term"
title: "SIEM (Security Information and Event Management)"
description: "A category of security tools that aggregate and analyze log data from across an organization's infrastructure to detect security events."
resource: "tlctc:term:siem-security-information-and-event-management"
tags:
  - "glossary"
---
# SIEM (Security Information and Event Management)

A category of security tools that aggregate and analyze log data from across an organization's infrastructure to detect security events. In the TLCTC velocity model, SIEM is the primary detection tool for the **Medium Velocity Class** (hours), where analyst triage is feasible. SIEM correlation rules use operational notation (`TLCTC-XX.YY`), while dashboards may display strategic notation (`#X`) for SOC managers.

See also: Medium Velocity Class, EDR, SOAR, Notation Systems
