ELI5: What are Common SIEM Platforms?
These are the brand names of the big security dashboards — like Splunk or Microsoft Sentinel. Different companies make different versions, but they all collect and analyze security alerts in one place.
Definition
Common SIEM platforms are the leading commercial and open-source products used by organizations to implement Security Information and Event Management capabilities. Each platform offers core capabilities of log aggregation, correlation, alerting, and dashboards, with differentiating features in deployment model, integration ecosystem, analytics capabilities, and cost.
Key Details
- Splunk: industry leader with powerful search language (SPL); on-premises and cloud (Splunk Cloud)
- Microsoft Sentinel: cloud-native SIEM tightly integrated with Azure and Microsoft 365; uses KQL query language
- IBM QRadar: enterprise SIEM with strong network flow analysis and compliance reporting
- Elastic Security (Elastic SIEM): open-source-based solution built on the Elastic Stack (Elasticsearch, Kibana)
- All platforms support log ingestion, correlation rules, dashboards, and alerting as core capabilities
Connections
- Parent: siem — these are the main products used to implement SIEM capabilities
- See also: log-aggregation