Security Information Management

Security information management is the process of collecting and storing security information, including selecting and configuring the sources of that information. The information may originate from internal sources (e.g., IDSs, firewalls) and from external sources (e.g., malicious domain lists, malicious file hash lists).

Ultimately, the purpose of security information management is to make the information actionable — that is, to enable its use for activities like incident investigation and threat hunting. To do so, the information must be stored in a way that makes it easy to retrieve. Security teams need to be able to search the data and generate reports quickly, so efficient storage and indexing are important factors in security information management.
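As an added illustration (not part of the original text), the Python sketch below shows the pipeline the definition describes: records from constructed internal sources are normalized into one schema, enriched at ingest time against constructed external indicator lists, and stored with per-field inverted indexes so that an investigation or threat-hunting query is answered by index lookup rather than a scan of every record. All event data, indicator values, and the `SecurityStore` and `hunt_indicator_hits` names are constructed for the example.

```python
from collections import defaultdict

# Constructed records from internal sources, already parsed into a common schema.
INTERNAL_EVENTS = [
    {"source": "ids", "ts": "2024-05-01T10:00:01Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "msg": "C2 beacon"},
    {"source": "firewall", "ts": "2024-05-01T10:00:03Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "action": "ACCEPT"},
    {"source": "proxy", "ts": "2024-05-01T10:00:05Z", "src_ip": "10.0.0.5", "domain": "malware.example"},
    {"source": "edr", "ts": "2024-05-01T10:02:00Z", "src_ip": "10.0.0.9", "sha256": "0" * 64, "file": "update.exe"},
    {"source": "firewall", "ts": "2024-05-01T10:03:00Z", "src_ip": "10.0.0.9", "dst_ip": "198.51.100.2", "action": "DENY"},
]
# Constructed external feeds standing in for malicious domain and file hash lists.
MALICIOUS_DOMAINS = {"malware.example"}
MALICIOUS_HASHES = {"0" * 64}  # placeholder value, not a real indicator

class SecurityStore:
    """Append-only event store with an inverted index per indexed field."""
    INDEXED = ("source", "src_ip", "dst_ip", "domain", "sha256", "tags")

    def __init__(self):
        self.events = []
        self.index = defaultdict(lambda: defaultdict(set))  # field -> value -> {event id}

    def ingest(self, event):
        event = dict(event)
        # Enrich at write time: tag events that match an external indicator.
        tags = []
        if event.get("domain") in MALICIOUS_DOMAINS:
            tags.append("malicious_domain")
        if event.get("sha256") in MALICIOUS_HASHES:
            tags.append("malicious_hash")
        event["tags"] = tags
        eid = len(self.events)
        self.events.append(event)
        for field in self.INDEXED:  # index every indexed field present on the event
            values = event.get(field)
            if values is not None:
                for value in (values if isinstance(values, list) else [values]):
                    self.index[field][value].add(eid)
        return eid

    def search(self, **criteria):
        """AND of field=value criteria over indexed fields; results in ingest order."""
        hits = [self.index[f].get(v, set()) for f, v in criteria.items()]
        ids = set.intersection(*hits) if hits else set(range(len(self.events)))
        return [self.events[i] for i in sorted(ids)]

def hunt_indicator_hits(store):
    """Hunting query: hosts that touched an external indicator -> sources that saw them."""
    flagged = store.search(tags="malicious_domain") + store.search(tags="malicious_hash")
    return {h: [e["source"] for e in store.search(src_ip=h)]
            for h in sorted({e["src_ip"] for e in flagged})}
```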