Untangling Events, part 2

by Philip Howard,  Bloor Research

The purpose of this series of articles is to identify if all of the different approaches to handling events are part of a single market or whether they should be treated as separate. In the first article I outlined six characteristics for handling events: monitor, filter/aggregate, correlate, alert, store and report. However, we were unable to reach any conclusions based on this a priori analysis so I promised to look at individual market sectors to see if we could learn anything from them. In this article I am going to focus on SIEM (security information and event management).  second article