Security Event Manager

A security event manager is a tool for viewing and analyzing events recorded in log data from other tools, such as firewalls and antivirus software. Importing log data into a security event manager makes activities like threat hunting and incident response easier and more effective. In threat hunting, for instance, analysts can use a security event manager to look for data that supports a hypothesis regarding a potential threat. Incident response teams can use a security event manager to gain a better understanding of what was compromised in an incident and what action they can take to resolve the issue.