What is SIEM and what are its core functions?

SIEM stands for Security Information and Event Management. It centralizes what happens across the network by collecting logs from servers, network devices, endpoints, and applications, then normalizing and storing that data. The core value is the ability to correlate events from different sources so the system can detect complex or blended attacks that wouldn’t be obvious from a single log alone. It analyzes the data in real time or near real time, generates alerts for suspected security incidents, and provides dashboards, reports, and search capabilities to support monitoring, investigation, and compliance. In practice, SIEM helps security teams detect incidents quickly, investigate them with contextual information, and maintain an audit trail for forensics and regulatory reporting. The other options describe different security tools: a firewall rule management tool handles access controls on firewalls, a vulnerability scanner identifies weaknesses, and a data loss prevention system focuses on preventing sensitive data exfiltration—none of these perform the full log collection and event correlation functions of a SIEM.