Page 1249 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
event to determine if it is an item of interest. If it is, the SIEM agent forwards the event to a central SIEM server, and depending on the event, it can raise an alarm for an administrator. For example, if the send queue of an email server starts backing up, a SIEM application can detect the issue and alert administrators before the problem is serious.
Most SIEMs are configurable, allowing personnel within the organization to specify what items are of interest and need to be forwarded to the SIEM server. SIEMs have agents for just about any type of server or network device, and in some cases, they monitor network flows for traffic and trend analysis. The tools can also collect all the logs from target systems and use data-mining techniques to retrieve relevant data. Security professionals can then create reports and analyze the data.
SIEMs often include sophisticated correlation engines. A correlation engine is a software component that collects the data and aggregates it, looking for common attributes. It then uses advanced analytic tools to detect abnormalities and sends alerts to security administrators.
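As an added illustration of the correlation step just described (example code, not from the study guide), the routine below aggregates constructed SIEM events on a shared attribute, the source address, and raises an alert once a threshold of failures is crossed inside a time window; it also checks a mail queue depth, matching the send-queue example earlier on this page. The event format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in the shape a SIEM agent might forward to the
# central server; these are not records from any real system.
SAMPLE_EVENTS = [
    "2024-03-01T10:00:01 host=mail01 type=auth_fail user=alice src=203.0.113.5",
    "2024-03-01T10:00:04 host=web02 type=auth_fail user=bob src=203.0.113.5",
    "2024-03-01T10:00:09 host=vpn01 type=auth_fail user=carol src=203.0.113.5",
    "2024-03-01T10:00:15 host=web02 type=auth_ok user=dave src=198.51.100.7",
    "2024-03-01T10:30:00 host=mail01 type=queue_depth value=4200",
    "2024-03-01T10:00:20 host=mail01 type=auth_fail user=erin src=203.0.113.5",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")  # assumed key=value event format


def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a parsed timestamp."""
    ts, _, rest = line.partition(" ")
    event = dict(FIELD_RE.findall(rest))
    event["ts"] = datetime.fromisoformat(ts)
    return event


def correlate(lines, window=timedelta(minutes=1), fail_threshold=3, queue_limit=1000):
    """Aggregate events on a common attribute and return a list of alert strings.

    One alert fires when a single source address produces fail_threshold auth
    failures across any hosts within `window` (the common-attribute correlation);
    another fires when a reported mail queue depth exceeds queue_limit.
    """
    alerts = []
    fails = defaultdict(list)  # src address -> timestamps of recent auth failures
    for ev in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        if ev.get("type") == "auth_fail":
            bucket = fails[ev["src"]]
            bucket.append(ev["ts"])
            # Keep only failures that fall inside the sliding window.
            bucket[:] = [t for t in bucket if ev["ts"] - t <= window]
            if len(bucket) == fail_threshold:  # alert once, when the line is crossed
                alerts.append(f"auth_fail x{fail_threshold} from {ev['src']} within {window}")
        elif ev.get("type") == "queue_depth" and int(ev["value"]) > queue_limit:
            alerts.append(f"mail queue on {ev['host']} at {ev['value']} (> {queue_limit})")
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT:", alert)
```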
Some monitoring tools are also used for inventory and status purposes. For example, tools can query all the available systems and document details, such as system names, IP addresses, operating systems, installed patches, updates, and installed software. These tools can then create reports of any system based on the needs of the organization. For example, they can identify how many systems are active, identify systems with missing patches, and flag systems that have unauthorized software installed.
Software monitoring watches for attempted or successful installations of unapproved software, use of unauthorized software, or unauthorized use of approved software. This reduces the risk of users inadvertently installing a virus or Trojan horse.
Sampling
Sampling, or data extraction, is the process of extracting specific elements from a large collection of data to construct a meaningful representation or summary of the whole. In other words, sampling is a