Exam SY0-601 topic 1 question 98 discussion

Every single time I've seen the word correlate in questions, the answer has always been SIEM. From google: SIEM event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss.

SIEM has log repository and analysis capabilities that SOAR platforms typically do not. The SOAR has response capabilities that the SIEM does not

A SIEM (Security Information and Event Management) system is designed to collect, store, and analyze log data from various sources in real-time. It allows security analysts to search and correlate logs from multiple sources in a single tool, enabling them to identify and respond to security incidents effectively.

SIEM (Security Information and Event Management) systems are designed to collect, analyze, and correlate log data from various sources such as network devices, servers, applications, and security systems. They provide a centralized platform where logs can be ingested, normalized, and indexed for efficient searching and analysis. With a SIEM, security analysts can perform log searches, create custom queries, and apply correlation rules to identify patterns, anomalies, and potential security incidents. SIEMs also provide features like real-time monitoring, alerting, and reporting to help analysts detect and respond to security events effectively.

B. SIEM. This describes exactly what a SIEM does and is.

this would not be SOAR just bc they dont want security prevention or automation correct? someone explain why not SOAR.

SIEM - Security Information and Event Management

Log collectors are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM. Log collectors only collects the logs. SIEM store all logs

I believe it is SIEM