Learn about SIEM, its key features, benefits, and functionalities.
Security Information and Event Management (SIEM) is a security solution that collects and analyzes security data from various sources to detect, investigate, and respond to threats. It offers a centralized view of the security status of an organization, enabling faster incident response and improved threat detection. SIEM provides information about the following metrics:
Alert Count: It displays the number of alerts generated in the SIEM tool for the selected time period. Click More Info to open the SIEM Alert Detail Dashboard, which provides a drill-down view of the open SIEM alerts.
Security Incidents: It displays the number of security incidents generated in the SIEM tool for the selected time period. Click More Info to open the SIEM-Incident-Details-Complete dashboard, which provides a drill-down view of the open security incidents. This is not an IPC incident count.
Mean Time to Detect: It displays the mean time to detect, in hours, between the moment a security event first occurred in the source system (‘Alert Start Time’) and the moment a corresponding alert is generated by a Sentinel analytics rule (‘Alert Generated’). This does not represent an SLA measure.
Mean Time to Resolve: It displays the average time difference, in hours, between the incident creation time and the incident last-modified time for closed incidents. This does not represent an SLA measure.
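The two metrics above are defined as averages over timestamp differences. The following added example (not part of the original documentation) computes them over constructed alert and incident records; the field names alert_start, alert_generated, created, last_modified and status are assumptions, as is the decision to skip records whose end time precedes their start time (a common symptom of clock skew between the source system and the SIEM).

```python
from datetime import datetime
from statistics import mean

# Constructed sample records; timestamps are ISO-8601, same timezone.
ALERTS = [
    {"alert_start": "2024-03-01T08:00:00", "alert_generated": "2024-03-01T09:30:00"},
    {"alert_start": "2024-03-01T10:00:00", "alert_generated": "2024-03-01T10:15:00"},
    {"alert_start": "2024-03-02T01:00:00", "alert_generated": "2024-03-02T03:15:00"},
    # Clock-skew artefact: generated before it started; excluded from the mean.
    {"alert_start": "2024-03-02T06:00:00", "alert_generated": "2024-03-02T05:59:00"},
]
INCIDENTS = [
    {"created": "2024-03-01T09:30:00", "last_modified": "2024-03-01T21:30:00", "status": "Closed"},
    {"created": "2024-03-01T10:15:00", "last_modified": "2024-03-03T10:15:00", "status": "Closed"},
    # Still active: not yet resolved, so it does not count towards MTTR.
    {"created": "2024-03-02T03:15:00", "last_modified": "2024-03-02T05:00:00", "status": "Active"},
]


def hours_between(start: str, end: str) -> float:
    """Elapsed hours from start to end (negative if end precedes start)."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def mean_time_to_detect(alerts: list[dict]) -> float:
    """Mean hours from 'Alert Start Time' to 'Alert Generated', all alerts."""
    durations = [hours_between(a["alert_start"], a["alert_generated"]) for a in alerts]
    valid = [d for d in durations if d >= 0]  # drop skewed records (assumption)
    return mean(valid) if valid else 0.0


def mean_time_to_resolve(incidents: list[dict]) -> float:
    """Mean hours from created to last modified, closed incidents only."""
    closed = [i for i in incidents if i["status"].lower() == "closed"]
    durations = [hours_between(i["created"], i["last_modified"]) for i in closed]
    valid = [d for d in durations if d >= 0]
    return mean(valid) if valid else 0.0


if __name__ == "__main__":
    print(f"MTTD: {mean_time_to_detect(ALERTS):.2f} h")   # 1.33 h
    print(f"MTTR: {mean_time_to_resolve(INCIDENTS):.2f} h")  # 30.00 h
```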
Source: It displays the number of sources in tabular and graphical formats. You can get a drill-down view of SIEM incidents from the SIEM-Incident-Details-Complete dashboard by clicking More Info.
Security Incident Status: It displays the number of security incidents by status in tabular and graphical formats. The incident status can be categorised as New, Closed, Active, etc. You can get a drill-down view of the open SIEM incidents from the SIEM-Incident-Details-Complete dashboard.
Alerts and Security Incidents: It displays the number of alerts and security incidents.
Tactic Level Breakdown by Alerts: This refers to the categorisation and analysis of security alerts based on the specific tactics used by attackers. The tactics are categorised as Initial Access, Exfiltration, PreAttack, Collection, Execution, etc. You can get a drill-down view of the alerts by clicking the More Info link.
For any metric, you can select the graphical or tabular format from the Toggle View Mode option. You can download the displayed information in CSV, PNG, and JPG formats by clicking the Download Menu option available in the right corner of each section.