SIEM
Security Information and Event Management — centralizes log collection, correlation, and alerting.
A SIEM centralizes logs from across the environment and correlates them so that a sequence of events, each harmless in isolation (one failed login here, a new admin account there), surfaces as one alert. Its value is precisely that cross-source correlation; single-source rules belong in the source tool. Modern SIEMs blend with data lakes and UEBA for behavioral analytics, and feed SOAR for automated response.
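The cross-source correlation described above, as an added example (not taken from any SIEM product): the rule joins a failed login in one source to an admin-account creation in another, by user, within a 15-minute window. The event schema, source names, accounts and window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalized to a common schema.
# Source names, field names and accounts are assumptions for illustration.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "vpn", "type": "login_failed", "user": "jsmith"},
    {"ts": "2024-05-01T09:02:10", "source": "vpn", "type": "login_failed", "user": "mlee"},
    {"ts": "2024-05-01T09:07:40", "source": "directory", "type": "admin_account_created",
     "user": "jsmith", "target": "svc-backup2"},
    {"ts": "2024-05-01T15:30:00", "source": "directory", "type": "admin_account_created",
     "user": "mlee", "target": "ops-admin"},
]

WINDOW = timedelta(minutes=15)  # assumed correlation window


def correlate(events, window=WINDOW):
    """Alert when an admin account is created by a user who had a failed
    login in a different source within the preceding window."""
    alerts = []
    last_failure = {}  # user -> (timestamp, source) of most recent failed login
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login_failed":
            last_failure[ev["user"]] = (ts, ev["source"])
        elif ev["type"] == "admin_account_created":
            prior = last_failure.get(ev["user"])
            if prior and prior[1] != ev["source"] and ts - prior[0] <= window:
                alerts.append({
                    "rule": "failed_login_then_admin_creation",
                    "user": ev["user"],
                    "new_account": ev["target"],
                    "sources": sorted({prior[1], ev["source"]}),
                    "first_seen": prior[0].isoformat(),
                    "last_seen": ts.isoformat(),
                })
    return alerts


def single_source_view(events, source):
    """What the same rule sees when fed only one log source."""
    return correlate([e for e in events if e["source"] == source])


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Fed either source alone, the rule returns nothing; only the combined stream produces the alert, and the second user's events stay quiet because they fall outside the window.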