{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T00:18:03Z","timestamp":1760660283345,"version":"build-2065373602"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,10]]},"DOI":"10.1007\/s10207-025-01109-w","type":"journal-article","created":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T19:11:18Z","timestamp":1756235478000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SIEM-SC initial assessments: Towards a Sustainable and Compliant proposal for Security Information and Event Management"],"prefix":"10.1007","volume":"24","author":[{"given":"Juan Miguel L\u00f3pez","family":"Vel\u00e1squez","sequence":"first","affiliation":[]},{"given":"Sergio Mauricio Mart\u00ednez","family":"Monterrubio","sequence":"additional","affiliation":[]},{"given":"Luis Enrique S\u00e1nchez","family":"Crespo","sequence":"additional","affiliation":[]},{"given":"David G.","family":"Rosado","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,26]]},"reference":[{"key":"1109_CR1","doi-asserted-by":"publisher","unstructured":"Dalziel, H.: in Infosec Management Fundamentals, ed. by H.\u00a0Dalziel (Syngress, Boston, 2015), pp. 
45\u201346. https:\/\/doi.org\/10.1016\/B978-0-12-804172-7.00015-5. https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780128041727000155","DOI":"10.1016\/B978-0-12-804172-7.00015-5"},{"key":"1109_CR2","unstructured":"Gartner. Definition of SIEM - IT Glossary | Gartner (2024). https:\/\/www.gartner.com\/en\/information-technology\/glossary\/security-information-and-event-management-siem. Accessed: 2024-07-29"},{"key":"1109_CR3","doi-asserted-by":"publisher","unstructured":"Podzins, O., Romanovs, A.: Why SIEM is Irreplaceable in a Secure IT Environment?, in 2019 Open Conference of Electrical, Electronic and Information Sciences (eStream) (IEEE, 2019), pp. 1\u20135. https:\/\/doi.org\/10.1109\/eStream.2019.8732173. https:\/\/ieeexplore.ieee.org\/document\/8732173\/","DOI":"10.1109\/eStream.2019.8732173"},{"key":"1109_CR4","doi-asserted-by":"publisher","unstructured":"Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M., In\u00e1cio, P.R.: A Quick Perspective on the Current State in Cybersecurity. Emerging Trends in ICT Security pp. 423\u2013442 (2014). https:\/\/doi.org\/10.1016\/B978-0-12-411474-6.00025-6. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/B9780124114746000256","DOI":"10.1016\/B978-0-12-411474-6.00025-6"},{"key":"1109_CR5","doi-asserted-by":"publisher","unstructured":"Snedaker, S., Rima, C.: in Business Continuity and Disaster Recovery Planning for IT Professionals, second edition edn. (Syngress, Boston, 2014), pp. 369\u2013411. https:\/\/doi.org\/10.1016\/B978-0-12-410526-3.00007-6. https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780124105263000076","DOI":"10.1016\/B978-0-12-410526-3.00007-6"},{"key":"1109_CR6","doi-asserted-by":"publisher","unstructured":"Liska, A., Stowe, G.: DNS network security (Elsevier, 2016), pp. 93\u2013119. https:\/\/doi.org\/10.1016\/B978-0-12-803306-7.00006-1. 
https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/B9780128033067000061","DOI":"10.1016\/B978-0-12-803306-7.00006-1"},{"key":"1109_CR7","doi-asserted-by":"publisher","unstructured":"Knapp, E.: in Industrial Network Security, ed. by E.\u00a0Knapp (Syngress, Boston, 2011), pp. 303\u2013312. https:\/\/doi.org\/10.1016\/B978-1-59749-645-2.00011-2. https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9781597496452000112","DOI":"10.1016\/B978-1-59749-645-2.00011-2"},{"key":"1109_CR8","doi-asserted-by":"publisher","unstructured":"Sood, A.K., Enbody, R.: in Targeted Cyber Attacks, ed. by A.K. Sood, R.\u00a0Enbody (Syngress, Boston, 2014), pp. 123\u2013134. https:\/\/doi.org\/10.1016\/B978-0-12-800604-7.00008-5. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/B9780128006047000085","DOI":"10.1016\/B978-0-12-800604-7.00008-5"},{"key":"1109_CR9","doi-asserted-by":"publisher","unstructured":"Casola, V., De Benedictis, A., Rak, M., Villano, U.: in Security and Resilience in Intelligent Data-Centric Systems and Communication Networks, ed. by M.\u00a0Ficco, F.\u00a0Palmieri, Intelligent Data-Centric Systems (Academic Press, 2018), pp. 235\u2013259. https:\/\/doi.org\/10.1016\/B978-0-12-811373-8.00011-2. https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780128113738000112","DOI":"10.1016\/B978-0-12-811373-8.00011-2"},{"key":"1109_CR10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2953095","volume":"7","author":"J Lee","year":"2019","unstructured":"Lee, J., Kim, J., Kim, I., Han, K.: Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles. IEEE Access 7, 165607 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2953095. (https:\/\/ieeexplore.ieee.org\/document\/8896978\/)","journal-title":"IEEE Access"},{"issue":"4","key":"1109_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.2200\/S00431ED1V01Y201207DTM028","volume":"4","author":"E Bertino","year":"2012","unstructured":"Bertino, E.: Data Protection from Insider Threats. 
Synthesis Lectures on Data Management 4(4), 1 (2012). https:\/\/doi.org\/10.2200\/S00431ED1V01Y201207DTM028. (http:\/\/www.morganclaypool.com\/doi\/abs\/10.2200\/S00431ED1V01Y201207DTM028)","journal-title":"Synthesis Lectures on Data Management"},{"key":"1109_CR12","unstructured":"Verizon. DBIR Report 2024: Industries - Introduction | Verizon (2024). https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/2024\/industries-intro\/. Accessed: 2024-07-29"},{"key":"1109_CR13","unstructured":"IBM. QRadar supported DSMs (2024). https:\/\/www.ibm.com\/docs\/en\/dsm?topic=configuration-qradar-supported-dsms. Accessed: 2024-07-29"},{"key":"1109_CR14","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1007\/s10207-022-00657-9","volume":"22","author":"JM Lopez","year":"2023","unstructured":"Lopez, J.M.: Systematic review of SIEM technology: SIEMSC birth. Int. J. Inf. Secur. 22, 691\u2013711 (2023). https:\/\/doi.org\/10.1007\/s10207-022-00657-9","journal-title":"Int. J. Inf. Secur."},{"key":"1109_CR15","doi-asserted-by":"publisher","unstructured":"Gonzalez\u00a0Granadillo, G., D\u00e9bar, H., Jacob, G., Gaber, C., Achemlal, M.: Individual countermeasure selection based on the return on response investment index, in Computer Network Security, ed. by I.\u00a0Kotenko, V.\u00a0Skormin (Springer Berlin Heidelberg, Berlin, Heidelberg, 2012), pp. 156\u2013170. https:\/\/doi.org\/10.1007\/978-3-642-33704-8_14","DOI":"10.1007\/978-3-642-33704-8_14"},{"key":"1109_CR16","doi-asserted-by":"publisher","unstructured":"Anumol, E.T.: Use of Machine Learning Algorithms with SIEM for Attack Prediction, in Intelligent Computing, Communication and Devices, ed. by L.C. Jain, S.\u00a0Patnaik, N.\u00a0Ichalkaranje (Springer India, New Delhi, 2015), pp. 231\u2013235. https:\/\/doi.org\/10.1007\/978-81-322-2012-1_24. 
http:\/\/link.springer.com\/10.1007\/978-81-322-2012-1_24","DOI":"10.1007\/978-81-322-2012-1_24"},{"key":"1109_CR17","doi-asserted-by":"publisher","unstructured":"Zhong, C., Yen, J., Liu, P., Erbacher, R.F. : Automate Cybersecurity Data Triage by Leveraging Human Analysts\u2019 Cognitive Process, in 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS) (IEEE, 2016), pp. 357\u2013363. https:\/\/doi.org\/10.1109\/BigDataSecurity-HPSC-IDS.2016.41. http:\/\/ieeexplore.ieee.org\/document\/7502316\/","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.41"},{"key":"1109_CR18","doi-asserted-by":"publisher","first-page":"668","DOI":"10.1016\/j.future.2019.09.005","volume":"111","author":"M Cinque","year":"2020","unstructured":"Cinque, M., Della Corte, R., Pecchia, A.: Contextual filtering and prioritization of computer application logs for security situational awareness. Futur. Gener. Comput. Syst. 111, 668 (2020). https:\/\/doi.org\/10.1016\/j.future.2019.09.005. (https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X19306454)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"1109_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101817","volume":"94","author":"BD Bryant","year":"2020","unstructured":"Bryant, B.D., Saiedian, H.: Improving SIEM alert metadata aggregation with a novel kill-chain based classification model. Comput. Security 94, 101817 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101817. (https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S016740482030095X)","journal-title":"Comput. 
Security"},{"key":"1109_CR20","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.cose.2017.03.003","volume":"67","author":"BD Bryant","year":"2017","unstructured":"Bryant, B.D., Saiedian, H.: A novel kill-chain framework for remote security log analysis with SIEM software. Comput. Security 67, 198 (2017). https:\/\/doi.org\/10.1016\/j.cose.2017.03.003. (https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404817300561)","journal-title":"Comput. Security"},{"key":"1109_CR21","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.future.2021.01.004","volume":"118","author":"N Usman","year":"2021","unstructured":"Usman, N., Usman, S., Khan, F., Jan, M.A., Sajid, A., Alazab, M., Watters, P.: Intelligent Dynamic Malware Detection using Machine Learning in IP Reputation for Forensics Data Analytics. Futur. Gener. Comput. Syst. 118, 124 (2021). https:\/\/doi.org\/10.1016\/j.future.2021.01.004. (https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X21000066)","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"1","key":"1109_CR22","doi-asserted-by":"publisher","first-page":"125","DOI":"10.22004\/ag.econ.288703","volume":"62","author":"P Michelberger","year":"2016","unstructured":"Michelberger, P., Dombora, S.: A possible tool for development of information security- siem system. J. Article 62(1), 125 (2016). https:\/\/doi.org\/10.22004\/ag.econ.288703","journal-title":"J. Article"},{"key":"1109_CR23","doi-asserted-by":"publisher","unstructured":"Kotenko, I., Shorov, A., Chechulin, A., Novikova, E.: Dynamical Attack Simulation for Security Information and Event Management (Springer Berlin Heidelberg, 2014), pp. 219\u2013234. https:\/\/doi.org\/10.1007\/978-3-642-31833-7_14","DOI":"10.1007\/978-3-642-31833-7_14"},{"key":"1109_CR24","unstructured":"Kotenko, I.: C.\u00a0A. Attack modeling and security evaluation in SIEM systems. International Transactions on Systems Science and Applications 8, 129 (2012). 
http:\/\/siwn.org.uk\/press\/sai\/itssa0008\/itssa.0008.2012.041.pdf"},{"key":"1109_CR25","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1007\/978-3-540-24693-0_63","volume":"3042","author":"T Peng","year":"2004","unstructured":"Peng, T., Leckie, C., Ramamohanarao, K.: Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring. Networking 3042, 771 (2004). https:\/\/doi.org\/10.1007\/978-3-540-24693-0_63. (http:\/\/link.springer.com\/10.1007\/978-3-540-24693-0_63)","journal-title":"Networking"},{"key":"1109_CR26","doi-asserted-by":"crossref","unstructured":"Irfan, M., Abbas, H., Iqbal, W.: Feasibility analysis for incorporating\/deploying siem for forensics evidence collection in cloud environment, in 2015 IEEE\/ACIS 14th International Conference on Computer and Information Science (ICIS) (IEEE, 2015), pp. 15\u201321","DOI":"10.1109\/ICIS.2015.7166563"},{"key":"1109_CR27","doi-asserted-by":"crossref","unstructured":"Saenko, I., Kotenko, I.: Towards resilient and efficient big data storage: evaluating a siem repository based on hdfs, in 2022 30th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP) (IEEE, 2022), pp. 290\u2013297","DOI":"10.1109\/PDP55904.2022.00051"},{"key":"1109_CR28","first-page":"1","volume":"13","author":"M Sheeraz","year":"2023","unstructured":"Sheeraz, M., Paracha, M.A., Haque, M.U., Durad, M.H., Mohsin, S.M., Band, S.S., Mosavi, A.: Effective security monitoring using efficient siem architecture. Hum.-Centric Comput. Inf. Sci. 13, 1 (2023)","journal-title":"Hum.-Centric Comput. Inf. Sci."},{"key":"1109_CR29","doi-asserted-by":"publisher","unstructured":"Kenaza, T., Aiash, M.: Toward an efficient ontology-based event correlation in siem. Procedia Computer Science 83, 139 (2016). https:\/\/doi.org\/10.1016\/j.procs.2016.04.109. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1877050916301326. 
The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016) \/ The 6th International Conference on Sustainable Energy Information Technology (SEIT-2016) \/ Affiliated Workshops","DOI":"10.1016\/j.procs.2016.04.109"},{"key":"1109_CR30","doi-asserted-by":"publisher","first-page":"103509","DOI":"10.1016\/j.jisa.2023.103509","volume":"75","author":"AP Vaz\u00e3o","year":"2023","unstructured":"Vaz\u00e3o, A.P., Santos, L., de\u00a0C.\u00a0Costa, R.L., Rabad\u00e3o, C.: Implementing and evaluating a gdpr-compliant open-source siem solution. J. Inform. Security Appl. 75, 103509 (2023). https:\/\/doi.org\/10.1016\/j.jisa.2023.103509. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2214212623000935)","journal-title":"J. Inform. Security Appl."},{"key":"1109_CR31","doi-asserted-by":"publisher","unstructured":"Menges, F., Latzo, T., Vielberth, M., Sobola, S., P\u00f6hls, H.C., Taubmann, B., K\u00f6stler, J., Puchta, A., Freiling, F., Reiser, H.P., Pernul, G.: Towards gdpr-compliant data processing in modern siem systems. Comput. Security 103, 102165 (2021). https:\/\/doi.org\/10.1016\/j.cose.2020.102165. (https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404820304387)","DOI":"10.1016\/j.cose.2020.102165"},{"key":"1109_CR32","unstructured":"Menges, F., B\u00f6hm, F., Vielberth, M., Puchta, A., Taubmann, B., Rakotondravony, N., Latzo, T.: Introducing dingfest: An architecture for next generation siem systems (2018). https:\/\/dl.gi.de\/handle\/20.500.12116\/16287"},{"key":"1109_CR33","doi-asserted-by":"publisher","unstructured":"Vaz\u00e3o, A., Santos, L., Oliveira, A., Rabad\u00e3o, C.: A GDPR compliant SIEM solution, in European Conference on Cyber Warfare and Security (Academic Conferences International Limited PP - Reading, 2021), i, pp. 440\u2013448, XIV. https:\/\/doi.org\/10.34190\/EWS.21.081. 
https:\/\/www.proquest.com\/conference-papers-proceedings\/gdpr-compliant-siem-solution\/docview\/2555180018\/se-2?accountid=14513","DOI":"10.34190\/EWS.21.081"},{"key":"1109_CR34","unstructured":"IBM. A Gartner Magic Quadrant for SIEM Leader 12 Times (2023). https:\/\/community.ibm.com\/community\/user\/security\/blogs\/christopher-meenan\/2021\/07\/07\/ibm-a-gartner-magic-quadrant-for-siem-leader-12-ti. Accessed: 2023-10-02"},{"key":"1109_CR35","unstructured":"IBM. Managed Hosts (2023). https:\/\/www.ibm.com\/docs\/en\/qsip\/7.5?topic=management-managed-hosts. Accessed: 2023-07-5"},{"key":"1109_CR36","unstructured":"Customer\u00a0portal, R.: Monitoring CPU Utilization on Red Hat Enterprise Linux (2023). https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/4\/html\/introduction_to_system_administration\/s2-bandwidth-rhlspec-cpu. Accessed: 2023-07-10"},{"key":"1109_CR37","unstructured":"ISO\/IEC, Iso\/iec dis 27002 information security, cybersecurity and privacy protection \u2013 information security controls. Tech. Rep. ISO\/IEC, Edition 3, 2022, International Organization for Standardization (ISO), Geneva, Switzerland (2022)"},{"key":"1109_CR38","doi-asserted-by":"publisher","unstructured":"of\u00a0Standards, N.I., (NIST), T.: Sp 800-53 revision 5, security and privacy controls for information systems and organizations. Tech. Rep. NIST SP 800-53 Revision 5, September 2020, U.S. Department of Commerce, Washington, D.C. (2020). 
https:\/\/doi.org\/10.6028\/NIST.SP.800-53r5","DOI":"10.6028\/NIST.SP.800-53r5"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01109-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01109-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01109-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T11:39:08Z","timestamp":1760614748000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01109-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,26]]},"references-count":38,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["1109"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01109-w","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,8,26]]},"assertion":[{"value":"26 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors did not receive support from any organization for the submitted work.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}},{"value":"The authors declare that they have no conflict of interest.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"This article does 
not contain any studies with human participants performed by any of the authors.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with Ethical Standards"}}],"article-number":"195"}}