Security Information and Event Management

SIEM (Security Information and Event Management) is a security technology that aggregates log and event data from different systems (such as servers, network devices, cloud services, and applications) and analyzes it using built-in query functions. Its core value lies in turning scattered security data into actionable insights, improving the efficiency of threat detection and defense.

Use Cases

  • Cloud storage bucket leak monitoring
  • Internal data access violations
  • Malicious file upload detection
  • ......

Getting Started

When creating SIEM detection rules in the console, you can customize the detection frequency, the detection interval, and the title and description of the generated event, and you can associate alert strategies with the rule. After the rule is created, the system runs the detection as configured. When the detection results match the rule logic, the system generates a corresponding SIEM event. The system then checks whether the event meets the trigger conditions of the associated alert strategy. If the conditions are met, an alert notification is sent externally; if not, the event is only recorded.
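
The flow described above, as an added example (not this product's code or rule syntax): a scheduled rule runs over constructed log records for the bucket-leak use case, each matching run records an event, and an alert strategy decides which events are sent as notifications. The field names, the `Rule` and `AlertStrategy` classes, the severity values, and the reading of frequency as "how often the rule runs" and interval as "the time window each run queries" are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records; field names are hypothetical, not a product schema.
LOGS = [
    {"ts": "2024-05-01T10:01:00", "action": "set_bucket_acl", "bucket": "hr-docs", "acl": "public-read"},
    {"ts": "2024-05-01T10:03:00", "action": "get_object", "bucket": "hr-docs", "acl": ""},
    {"ts": "2024-05-01T10:20:00", "action": "set_bucket_acl", "bucket": "build-cache", "acl": "private"},
    {"ts": "2024-05-01T10:41:00", "action": "set_bucket_acl", "bucket": "invoices", "acl": "public-read-write"},
]

@dataclass
class Rule:
    title: str            # generated event title
    frequency: timedelta  # assumed meaning: how often the rule runs
    interval: timedelta   # assumed meaning: lookback window queried by each run

    def query(self, rec):  # rule logic: a bucket ACL was changed to a public one
        return rec["action"] == "set_bucket_acl" and rec["acl"].startswith("public")

@dataclass
class AlertStrategy:
    min_severity: int  # trigger condition: notify only at or above this level

    def triggers(self, event):
        return event["severity"] >= self.min_severity

def run_rule(rule, strategy, logs, start, end):
    """Run the rule on schedule; return (events, alerts) produced between start and end."""
    events, alerts = [], []
    run_at = start + rule.frequency
    while run_at <= end:
        lo = run_at - rule.interval
        hits = [r for r in logs if lo <= datetime.fromisoformat(r["ts"]) < run_at and rule.query(r)]
        if hits:  # results match the rule logic -> one SIEM event for this run
            severity = 3 if any("write" in r["acl"] for r in hits) else 2  # assumed scale
            event = {"title": rule.title, "time": run_at, "severity": severity, "buckets": sorted(r["bucket"] for r in hits)}
            events.append(event)          # every event is recorded
            if strategy.triggers(event):  # only events meeting the strategy are notified
                alerts.append(event)
        run_at += rule.frequency
    return events, alerts

def demo(start=datetime(2024, 5, 1, 9, 30)):
    rule = Rule("Bucket ACL changed to public", timedelta(minutes=30), timedelta(minutes=30))
    return run_rule(rule, AlertStrategy(min_severity=3), LOGS, start, start + timedelta(minutes=90))

if __name__ == "__main__":
    print(demo())
```

Setting the interval longer than the frequency makes consecutive runs overlap, so the same record can produce an event in more than one run.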