Skip to main content
SpringerLink
Log in

Systematic review of SIEM technology: SIEM-SC birth

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

This paper contains a systematic review carried out to address the current status of the System Information and Event Management (SIEM) technology and what may possibly be the next steps in the future. We shall focus on: where SIEM will shift in the near/long-term future, whether this change will affect the technology as it is right now, and finally, what benefits users will obtain from this growing security-monitoring technology. The paradigm of this technology is slowly shifting from monitoring/alerting to demanding international standards with which all security tools must comply in every internal or external audit, leaning toward security-as-a-service rather than premise solutions and improvements to detection engines in order to make them respond faster and in a more agile and accurate manner, thus optimizing analyst time. All of this had been taken into account by comparing, analyzing, correcting, and predicting the near future of this technology, highlighting its usage together with the compatibility of cutting edge technology such as Blockchain, containers, cloud, international compliance. Of the papers analyzed, 50% were new proposals at the time of their publication, impacting on SIEM functionality, and 19% were involved in real scenarios. The authors use the papers analyzed as the basis on which to propose a new framework that is compatible with GDPR, using multiple technologies blockchain, encryption, and containers. This framework has been denominated as SIEM-SC (Security Compliance).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Data Availability

The data are not publicly available due to privacy or ethical restrictions.

References

  1. Cinque, M., Cotroneo, D., Pecchia, A.: Challenges and directions in security information and event management (SIEM), In: 2018 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 95–99, (2018). https://doi.org/10.1109/ISSREW.2018.00-24

  2. Knapp, E.: In: Knapp, E. (ed.) Industrial Network Security, pp. 303–312. Syngress, Boston (2011). https://doi.org/10.1016/B978-1-59749-645-2.00011-2

  3. Kakareka, A.: Detecting System Intrusions, pp. 47–62. Elsevier, Berlin (2013). https://doi.org/10.1016/B978-0-12-394397-2.00003-9

    Book  Google Scholar 

  4. Gonzalez Granadillo, G., Ben Mustapha, Y., Hachem, N., Debar, H.: An ontology-based model for SIEM environments. In: Global Security, Safety and Sustainability & e-Democracy, pp. 148–155. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-33448-1_21

    Chapter  Google Scholar 

  5. Menges, F., Latzo, T., Vielberth, M., Sobola, S., Pöhls, H.C., Taubmann, B., Köstler, J., Puchta, A., Freiling, F., Reiser, H.P., Pernul, G.: Towards GDPR-compliant data processing in modern SIEM systems. Comput. Secur. 103, 102165 (2021). https://doi.org/10.1016/j.cose.2020.102165

    Article  Google Scholar 

  6. Lee, J.H., Kim, Y.S., Kim, J.H., Kim, I.K.: Toward the SIEM architecture for cloud-based security services. In: 2017 IEEE Conference on Communications and Network Security (CNS), pp. 398–399 (2017). https://doi.org/10.1109/CNS.2017.8228696

  7. Chuvakin, A., Schmidt, K., Phillips, C.: In: Chuvakin, A., Schmidt, K., Phillips C. (eds.) Logging and Log Management, pp. 115–125. Syngress, Boston (2013). https://doi.org/10.1016/B978-1-59-749635-3.00007-5

  8. Bryant, B.D., Saiedian, H.: Improving SIEM alert metadata aggregation with a novel kill-chain based classification model. Comput. Secur. 94, 101817 (2020). https://doi.org/10.1016/j.cose.2020.101817

    Article  Google Scholar 

  9. Bryant, B.D., Saiedian, H.: A novel kill-chain framework for remote security log analysis with SIEM software. Comput. Secur. 67, 198 (2017). https://doi.org/10.1016/j.cose.2017.03.003

    Article  Google Scholar 

  10. Miloslavskaya, N., Tolstoy, A.: New SIEM system for the Internet of Things. In: Lecture Notes in Control and Information Sciences, pp. 317–327 (2019). https://doi.org/10.1007/978-3-030-16184-2_31

  11. Kitchenham, B., Brereton, P.: A systematic review of systematic review process research in software engineering. Inf. Softw. Technol. 55(12), 2049 (2013). https://doi.org/10.1016/j.infsof.2013.07.010

    Article  Google Scholar 

  12. Podzins, O., Romanovs, A.: Why SIEM is irreplaceable in a secure IT environment? In: 2019 Open Conference of Electrical, Electronic and Information Sciences (eStream), pp. 1–5 (2019). https://doi.org/10.1109/eStream.2019.8732173

  13. Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M., In’acio, P.R.: A quick perspective on the current state in cybersecurity. Emerg Trends ICT Secur. 423–442 (2014). https://doi.org/10.1016/B978-0-12-411474-6.00025-6. https://linkinghub.elsevier.com/retrieve/pii/B9780124114746000256

  14. Snedaker, S., Rima, C.: In: Business Continuity and Disaster Recovery Planning for IT Professionals, second edition edn. Syngress, Boston, pp. 369–411 (2014). https://doi.org/10.1016/B978-0-12-410526-3.00007-6

  15. Dalziel, H.: In: Dalziel, H. (ed.) Infosec Management Fundamentals, pp. 45–46. Syngress, Boston (2015). https://doi.org/10.1016/B978-0-12-804172-7.00015-5

  16. Liska, A., Stowe, G.: DNS Network Security, pp. 93–119. Elsevier (2016). https://doi.org/10.1016/B978-0-12-803306-7.00006-1

    Book  Google Scholar 

  17. Knapp, E.D., Langill, J.T.: In: Knapp E.D., Langill J.T. (eds.) Industrial Network Security (Second Edition), second edition edn., pp. 387–407. Syngress, Boston (2015). https://doi.org/10.1016/B978-0-12-420114-9.00013-7

  18. Sood, A.K., Enbody, R.: In: Sood, A.K., Enbody, R. (eds.) Targeted Cyber Attacks, pp. 123–134. Syngress, Boston (2014). https://doi.org/10.1016/B978-0-12-800604-7.00008-5

  19. Casola, V., De Benedictis, A., Rak, M., Villano, U.: In: Ficco, M., Palmieri, F. (eds.) Security and Resilience in Intelligent Data-Centric Systems and Communication Networks, Intelligent Data-Centric Systems, pp. 235–259. Academic Press (2018). https://doi.org/10.1016/B978-0-12-811373-8.00011-2

  20. Lee, J., Kim, J., Kim, I., Han, K.: Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7, 165607 (2019). https://doi.org/10.1109/ACCESS.2019.2953095

    Article  Google Scholar 

  21. Bertino, E.: Data protection from insider threats. Synth. Lect. Data Manag. 4(4), 1 (2012). https://doi.org/10.2200/S00431ED1V01Y201207DTM028

    Article  Google Scholar 

  22. Staffa, M., Coppolino, L., Sgaglione, L., Gelenbe, E., Komnios, I., Grivas, E., Stan, O., Castaldo, L.: KONFIDO: an OpenNCP-based secure eHealth data exchange system. In: Communications in Computer and Information Science, vol. 821, pp. 11–27. Springer (2018). https://doi.org/10.1007/978-3-319-95189-8_2

  23. Kotenko, I., Doynikova, E.: Security assessment of computer networks based on attack graphs and security events, In: Linawati, Mahendra, M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) Information and Communication Technology, vol. 8407, pp. 462–471. Springer, Berlin (2014). https://doi.org/10.1007/978-3-642-55032-4_47

  24. Blum, D.: Institute Resilience Through Detection, Response, and Recovery, pp. 259–295. Apress, Berkeley (2020). https://doi.org/10.1007/978-1-4842-5952-8_9

    Book  Google Scholar 

  25. Yeluri, R., Castro-Leon, E.: Platform Boot Integrity: Foundation for Trusted Compute Pools, pp. 37–64. Apress, Berkeley (2014). https://doi.org/10.1007/978-1-4302-6146-9_3

    Book  Google Scholar 

  26. Blum, D.: Create Your Rational Cybersecurity Success Plan, pp. 297–313. Apress, Berkeley (2020). https://doi.org/10.1007/978-1-4842-5952-8_10

    Book  Google Scholar 

  27. Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: Communications and Multimedia Security, vol. 8735, pp. 63–72. Springer, Berlin (2014). https://doi.org/10.1007/978-3-662-44885-4_5

    Chapter  Google Scholar 

  28. Tiwari, S., Suryani, E., Ng, A.K., Mishra, K.K., Singh, N.: In: Tiwari, S., Suryani, E., Ng, A.K., Mishra, K.K., Singh N. (eds.) Proceedings of International Conference on Big Data, Machine Learning and their Applications, Lecture Notes in Networks and Systems, vol. 150, Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-8377-3

  29. Botello, J.V., Mesa, A.P., Rodríguez, F.A., Díaz-López, D., Nespoli, P., Mármol, F.G.: BlockSIEM: protecting smart city services through a Blockchain-based and distributed SIEM. Sensors 20(16), 4636 (2020). https://doi.org/10.3390/s20164636

    Article  Google Scholar 

  30. Qusa, H., Allam, H., Younus, F., Ali, M., Ahmad, S.: Secure smart home using open security intelligence systems. In: 2019 Sixth HCT Information Technology Trends (ITT), pp. 12–17 (2019). https://doi.org/10.1109/ITT48889.2019.9075129

  31. Perera, V.H., Senarathne, A.N., Rupasinghe, L.: Intelligent SOC Chatbot for Security Operation Center. In: 2019 International Conference on Advancements in Computing (ICAC), pp. 340–345 (2019). https://doi.org/10.1109/ICAC49085.2019.9103388

  32. Aminanto, M.E., Ban, T., Isawa, R., Takahashi, T., Inoue, D.: Threat alert prioritization using isolation forest and stacked auto encoder with day-forward-chaining analysis. IEEE Access 8, 217977 (2020). https://doi.org/10.1109/ACCESS.2020.3041837

    Article  Google Scholar 

  33. Alves, F., Bettini, A., Ferreira, P.M., Bessani, A.: Processing tweets for cybersecurity threat awareness. Inf. Syst. 95, 101586 (2021). https://doi.org/10.1016/j.is.2020.101586

    Article  Google Scholar 

  34. Rahman, N.H.A., Choo, K.K.R.: In: Ko, R., Choo, K.K.R. (eds.) The Cloud Security Ecosystem. pp. 383–400, Syngress, Boston (2015). https://doi.org/10.1016/B978-0-12-801595-7.00017-3

  35. Aguirre, I., Alonso, S.: Improving the automation of security information management: a collaborative approach. IEEE Secur. Priv. Mag. 10(1), 55 (2012). https://doi.org/10.1109/MSP.2011.153

    Article  Google Scholar 

  36. Yaacoub, J.P.A., Noura, M., Noura, H.N., Salman, O., Yaacoub, E., Couturier, R., Chehab, A.: Securing internet of medical things systems: limitations, issues and recommendations. Future Gener. Comput. Syst. 105, 581 (2020). https://doi.org/10.1016/j.future.2019.12.028

    Article  Google Scholar 

  37. Repetto, M., Carrega, A., Rapuzzi, R.: An architecture to manage security operations for digital service chains. Future Gener. Comput. Syst. 115, 251 (2021). https://doi.org/10.1016/j.future.2020.08.044

    Article  Google Scholar 

  38. Campfield, M.: The problem with (most) network detection and response. Netw. Secur. 2020(9), 6 (2020). https://doi.org/10.1016/S1353-4858(20)30104-5

    Article  Google Scholar 

  39. Serckumecka, A., Medeiros, I., Bessani, A.: Low-cost serverless SIEM in the cloud. In: 2019 38th Symposium on Reliable Distributed Systems (SRDS), pp. 381–3811 (2019). https://doi.org/10.1109/SRDS47363.2019.00057

  40. Kotenko, I., Fedorchenko, A., Saenko, I., Kushnerevich, A.: Parallelization of security event correlation based on accounting of event type links. In: 2018 26th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP), pp. 462–469 (2018). https://doi.org/10.1109/PDP2018.2018.00080

  41. Meyers, R.: Data highway and the digital transformation: arguments for secure, centralised log management. Netw. Secur. 2020(10), 17 (2020). https://doi.org/10.1016/S1353-4858(20)30119-7

    Article  Google Scholar 

  42. Giddens, L., Amo, L.C., Cichocki, D.: Gender bias and the impact on managerial evaluation of insider security threats. Comput. Secur. 99, 102066 (2020). https://doi.org/10.1016/j.cose.2020.102066

    Article  Google Scholar 

  43. Winkler, I., Gomes, A.T.: In: Winkler, I., Gomes A.T. (eds.), Advanced Persistent Security, pp. 105–130. Syngress (2017). https://doi.org/10.1016/B978-0-12-809316-0.00010-5

  44. Nathans, D.: In: Nathans, D. (ed.), Designing and Building Security Operations Center, pp. 25–47. Syngress (2015). https://doi.org/10.1016/B978-0-12-800899-7.00002-1

  45. Li, Y., Zhang, T., Li, X., Li, T.: A model of apt attack defense based on cyber threat detection. In: Yun, X., Wen, W., Lang, B., Yan, H., Ding, L., Li, J., Zhou, Y. (eds.) Cyber Security, vol. 970, pp. 122–135. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-6621-5_10

  46. Bhatt, S., Manadhata, P.K., Zomlot, L.: The Operational role of security information and event management systems. IEEE Secur. Priv. 12(5), 35 (2014). https://doi.org/10.1109/MSP.2014.103

    Article  Google Scholar 

  47. Cárdenas, A.A., Manadhata, P.K., Rajan, S.P.: Big data analytics for security. IEEE Secur. Priv. 11(6), 74 (2013). https://doi.org/10.1109/MSP.2013.138

    Article  Google Scholar 

  48. Margulies, J.: A developer’s guide to audit logging. IEEE Secur. Priv. 13(3), 84 (2015). https://doi.org/10.1109/MSP.2015.50

    Article  Google Scholar 

  49. Coppolino, L., Sgaglione, L., D’Antonio, S., Magliulo, M., Romano, L., Pacelli, R.: Risk assessment driven use of advanced SIEM technology for cyber protection of critical e-health processes. SN Comput. Sci. 3(1), 16 (2021). https://doi.org/10.1007/s42979-021-00858-4

    Article  Google Scholar 

  50. Raja, M.S.N., Vasudevan, A.: Rule generation for TCP SYN flood attack in SIEM environment. Procedia Comput. Sci. 115, 580 (2017). https://doi.org/10.1016/j.procs.2017.09.117

    Article  Google Scholar 

  51. Mulyadi, F., Annam, L.A., Promya, R., Charnsripinyo, C.: Implementing Dockerized Elastic Stack for Security Information and Event Management. In: 2020—5th International Conference on Information Technology (InCIT), pp. 243–248 (2020). https://doi.org/10.1109/InCIT50588.2020.9310950

  52. Vasilyev, V., Shamsutdinov, R.: Security analysis of wireless sensor networks using SIEM and multi-agent approach. In: 2020 Global Smart Industry Conference (GloSIC), pp. 291–296 (2020). https://doi.org/10.1109/GloSIC50886.2020.9267830

  53. Almomani, I., Al-Kasasbeh, B., Al-Akhras, M.: WSN-DS: a dataset for intrusion detection systems in wireless sensor networks. J. Sens. 2016, 1 (2016). https://doi.org/10.1155/2016/4731953

    Article  Google Scholar 

  54. Kotenko I, Fedorchenko A, Saenko I, Kushnerevich A (2017) Big data technologies for security event correlation based on event type accounting. Vopr. Kiberbezopasnosti 5(24), 2. https://doi.org/10.21681/2311-3456-2017-5-2-16

  55. Vianello, V., Gulisano, V., Jimenez-Peris, R., Patino-Martinez, M., Torres, R., Diaz, R., Prieto, E.: A Scalable SIEM Correlation Engine and Its Application to the Olympic Games IT Infrastructure. In: 2013 International Conference on Availability, Reliability and Security, pp. 625–629 (2013). https://doi.org/10.1109/ARES.2013.82

  56. Stephen, J.J., Gmach, D., Block, R., Madan, A., AuYoung, A.: Distributed real-time event analysis. In: 2015 IEEE International Conference on Autonomic Computing, pp. 11–20 (2015). https://doi.org/10.1109/ICAC.2015.12

  57. Malkhi, D. (ed.): Concurrency: The Works of Leslie Lamport. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3335772

  58. Iskhakov, A., Iskhakov, S.: Data Normalization models in the security event management systems. In: 2020 13th International Conference ”Management of large-scale system development” (MLSD), pp. 1–5 (2020). https://doi.org/10.1109/MLSD49919.2020.9247682

  59. Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Integration of a system for critical infrastructure protection with the OSSIM SIEM platform: a dam case study, In: Flammini, F., Bologna, S., Vittorini, V. (ed.) Computer Safety, Reliability, and Security. SAFECOMP 2011, pp. 199–212. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-24270-0_15

  60. Hindy, H., Brosset, D., Bayne, E., Seeam, A., Bellekens, X.: Improving SIEM for critical SCADA water infrastructures using machine learning. In: Lecture Notes in Computer Science, vol. 11387, pp. 3–19. Springer, Switzerland (2019). https://doi.org/10.1007/978-3-030-12786-2_1

  61. Formicola, V., Di Pietro, A., Alsubaie, A., D’Antonio, S., Marti, J.: Assessing the impact of cyber attacks on wireless sensor nodes that monitor interdependent physical systems. In: International Conference on Critical Infrastructure Protection, vol. 441, pp. 213–229. Springer (2014). https://doi.org/10.1007/978-3-662-45355-1_14

  62. Di Mauro, M., Di Sarno, C.: Improving SIEM capabilities through an enhanced probe for encrypted Skype traffic detection. J. Inf. Secur. Appl. 38, 85 (2018). https://doi.org/10.1016/j.jisa.2017.12.001

    Article  Google Scholar 

  63. Chernov, A.V., Butakova, M.A., Karpenko, E.V.: Security incident detection technique for multilevel intelligent control systems on railway transport in Russia. In: 2015 23rd Telecommunications Forum Telfor (TELFOR), pp. 1–4 (2015). https://doi.org/10.1109/TELFOR.2015.7377381

  64. Lavrova, D.S.: An approach to developing the SIEM system for the Internet of Things. Autom. Control Comput. Sci. 50(8), 673 (2016). https://doi.org/10.3103/S0146411616080125

    Article  Google Scholar 

  65. Muthuraj, S., Sethumadhavan, M., Amritha, P.P., Santhya, R.: Detection and prevention of attacks on active directory using SIEM. Inf. Commun. Technol. Intell. Syst. 196, 533 (2021). https://doi.org/10.1007/978-981-15-7062-9_53

    Article  Google Scholar 

  66. Hwoij, A., Khamaiseh, A., Ababneh, M.: SIEM architecture for the Internet of Things and smart city. In: International Conference on Data Science, E-Learning and Information Systems 2021. Association for Computing Machinery, New York, DATA’21, pp. 147–152 (2021). https://doi.org/10.1145/3460620.3460747

  67. Anumol, E.T.: Use of machine learning algorithms with SIEM for attack prediction. In: Jain, L.C., Patnaik, S., Ichalkaranje, N. (eds.), Intelligent Computing, Communication and Devices, pp. 231–235. Springer, New Delhi (2015). https://doi.org/10.1007/978-81-322-2012-1_24

  68. Zhong, C., Yen, J., Liu, P., Erbacher, R.F.: Automate cybersecurity data triage by leveraging human analysts’ cognitive process. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), pp. 357–363 (2016). https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2016.41

  69. Usman, N., Usman, S., Khan, F., Jan, M.A., Sajid, A., Alazab, M., Watters, P.: Intelligent dynamic malware detection using machine learning in IP reputation for forensics data analytics. Future Gener. Comput. Syst. 118, 124 (2021). https://doi.org/10.1016/j.future.2021.01.004

    Article  Google Scholar 

  70. Bachane, I., Adsi, Y.I.K., Adsi, H.C.: Real time monitoring of security events for forensic purposes in Cloud environments using SIEM. In: 2016 Third International Conference on Systems of Collaboration (SysCo) (IEEE, 2016), pp. 1–3. https://doi.org/10.1109/SYSCO.2016.7831327. http://ieeexplore.ieee.org/document/7831327/

  71. Kotenko, I., Shorov, A., Chechulin, A., Novikova, E.: Dynamical Attack Simulation for Security Information and Event Management, pp. 219–234. Springer, Berlin (2014). https://doi.org/10.1007/978-3-642-31833-7_14

    Book  Google Scholar 

  72. Kotenko, I., Chechulin, A.: Attack modeling and security evaluation in SIEM systems. Int. Trans. Syst. Sci. Appl. 8, 129 (2012)

    Google Scholar 

  73. Peng, T., Leckie, C., Ramamohanarao, K.: Proactively detecting distributed denial of service attacks using source IP address monitoring. Networking 3042, 771 (2004). https://doi.org/10.1007/978-3-540-24693-0_63

    Article  Google Scholar 

  74. Di Sarno, C., Formicola, V., Sicuranza, M., Paragliola, G.: Addressing security issues of electronic health record systems through enhanced SIEM technology. In: 2013 International Conference on Availability, Reliability and Security, pp. 646–653 (2013). https://doi.org/10.1109/ARES.2013.85

  75. Afzaal, M., Di Sarno, C., Dantonio, S., Romano, L.: An intrusion and fault tolerant forensic storage for a SIEM system. In: 2012 Eighth International Conference on Signal Image Technology and Internet Based Systems, pp. 579–586 (2012). https://doi.org/10.1109/SITIS.2012.89

  76. Inns, J.: The evolution and application of SIEM systems. Netw. Secur. 2014(5), 16 (2014). https://doi.org/10.1016/S1353-4858(14)70051-0

    Article  Google Scholar 

  77. Howell, D.: Building better data protection with SIEM. Comput. Fraud Secur. 2015(8), 19 (2015). https://doi.org/10.1016/S1361-3723(15)30077-4

    Article  Google Scholar 

  78. Udipi, S.: The event data management problem: getting the most from network detection and response. Netw. Secur. 2021(1), 12 (2021). https://doi.org/10.1016/S1353-4858(21)00008-8

    Article  Google Scholar 

  79. Bachane, I., Adsi, Y.I.K., Adsi, H.C.: Real time monitoring of security events for forensic purposes in Cloud environments using SIEM. In: 2016 Third International Conference on Systems of Collaboration (SysCo), pp. 1–3 (2016). https://doi.org/10.1109/SYSCO.2016.7831327

  80. Li, T., Yan, L.: SIEM based on big data analysis. Lect. Notes Comput. Sci. 167–175, 167 (2017). https://doi.org/10.1007/978-3-319-68505-2_15

    Article  Google Scholar 

  81. Nabil, M., Soukainat, S., Lakbabi, A., Ghizlane, O.: SIEM selection criteria for an efficient contextual security. In: 2017 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–6 (2017). https://doi.org/10.1109/ISNCC.2017.8072035

  82. Mokalled, H., Catelli, R., Casola, V., Debertol, D., Meda, E., Zunino, R.: The applicability of a SIEM solution: requirements and evaluation. In: 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 132–137 (2019). https://doi.org/10.1109/WETICE.2019.00036

  83. Safarzadeh, M., Gharaee, H., Panahi, A.H.: A novel and comprehensive evaluation methodology for SIEM. Lect. Notes Comput. Sci. 11879, 476 (2019). https://doi.org/10.1007/978-3-030-34339-2_28

    Article  Google Scholar 

  84. Leszczyna, R., Wrobel, M.R.: Evaluation of open source SIEM for situation awareness platform in the smart grid environment. In: 2015 IEEE World Conference on Factory Communication Systems (WFCS), pp. 1–4 (2015). https://doi.org/10.1109/WFCS.2015.7160577

  85. Sahay, B., Gupta, A.: Development of software selection criteria for supply chain solutions. Ind. Manag. Data Syst. 103(2), 97 (2003). https://doi.org/10.1108/02635570310463429

    Article  Google Scholar 

  86. Vazao, A., Santos, L., Piedade, M.B., Rabadao, C.: SIEM open source solutions: a comparative study. In: 2019 14th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–5 (2019). https://doi.org/10.23919/CISTI.2019.8760980

  87. Ünal, U., Kahya, C.N., Kurtlutepe, Y., Dağ, H.: Investigation of cyber situation awareness via SIEM tools: a constructive review. In: 2021 6th International Conference on Computer Science and Engineering (UBMK), pp. 676–681 (2021). https://doi.org/10.1109/UBMK52708.2021.9558964

  88. Svoboda, T., Horalek, J., Sobeslav, V.: Behavioral analysis of SIEM solutions for energy technology systems. In: Context-Aware Systems and Applications, and Nature of Computation and Communication. Springer, pp. 265–276 (2021). https://doi.org/10.1007/978-3-030-67101-3_21

  89. Gartner, I.N.C.: IT Glossary. https://www.gartner.com/en/information-technology/glossary. Accessed 05 Sept 2022

  90. Kończak, J., de Sousa Santos, N.F., Żurkowski, T., Wojciechowski, P.T., Schiper, A.: JPaxos: state machine replication based on the Paxos protocol (2011)

  91. Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Enhancing SIEM technology to protect critical infrastructures. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds.) Critical Information Infrastructures Security, pp. 10–21. Springer, Berlin (2013). https://doi.org/10.1007/978-3-642-41485-5_2

  92. Vazão, A., Santos, L., Oliveira, A., Rabadão, C.: A GDPR compliant SIEM solution. In: European Conference on Cyber Warfare and Security. Academic Conferences International Limited PP, Reading, i, pp. 440–448, XIV (2021). https://doi.org/10.34190/EWS.21.081

  93. I.B.M. Corp. QRadar on Cloud (2022). https://www.ibm.com/products/hosted-security-intelligence. Accessed 05 Sept 2022

Download references

Acknowledgements

This work has been funded by the projects AETHER-UCLM (PID2020-112540RB-C42) and ALBA-UCLM (TED2021-130355B-C31) funded by ’Ministerio de Ciencia e Innovación,’ Spain.

Author information

Authors and Affiliations

  1. Istmo University (UNIS), Km 19.2, Fraijanes, Guatemala

    Juan Miguel López Velásquez

  2. International de la Rioja University (UNIR), Av. de la Paz, 137, Logroño, La Rioja, Spain

    Juan Miguel López Velásquez & Sergio Mauricio Martínez Monterrubio

  3. Department of Software Engineering and Artificial Intelligence (DISIA), School of Computer Science, Complutense University of Madrid, Calle Profesor José García Santesmases 9, Ciudad Universitaria, Madrid, 28040, Spain

    Sergio Mauricio Martínez Monterrubio

  4. GSyA Research Group, University of Castilla-la Mancha, Ciudad Real, Spain

    Luis Enrique Sánchez Crespo & David Garcia Rosado

Authors
  1. Juan Miguel López Velásquez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sergio Mauricio Martínez Monterrubio
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Luis Enrique Sánchez Crespo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David Garcia Rosado
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Juan Miguel López Velásquez.

Ethics declarations

Conflict of interest

There are no conflicts of interest within this manuscript.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

López Velásquez, J.M., Martínez Monterrubio, S.M., Sánchez Crespo, L.E. et al. Systematic review of SIEM technology: SIEM-SC birth. Int. J. Inf. Secur. 22, 691–711 (2023). https://doi.org/10.1007/s10207-022-00657-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-022-00657-9

Keywords

Search

Navigation