The concepts of events, alerts, and incidents are integrated into the identification processes of a well-functioning security operations center:
- An event is a change to the expected behavior of an:
  - Information system
  - Process
  - Environment
  - Workflow
  - Person
- An alert is provided by an information security monitoring system such as a SIEM to identify an event or combination of events
- An incident is a malicious event that has some level of business impact and must be remediated
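The three terms form a pipeline: raw events are correlated by the monitoring system into alerts, and an analyst (or an automated triage step) decides which alerts have business impact and therefore become incidents. The following added example, written for this page and not taken from any SOC product or the original text, models that chain on a constructed authentication log. The correlation rule (repeated failures followed by a success from the same actor against the same asset), the asset criticality table, and all host and address values are assumptions chosen for illustration.

```python
"""Event -> alert -> incident chain on a constructed authentication log (illustrative only)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    """A change in observed behavior, here one authentication log record."""
    ts: datetime
    kind: str    # "login_failure" or "login_success"
    actor: str   # source address (constructed)
    asset: str   # system the event concerns (constructed)


@dataclass
class Alert:
    """Raised by the monitoring layer when a rule matches one or more events."""
    rule: str
    events: List[Event]
    actor: str
    asset: str


@dataclass
class Incident:
    """An alert judged to have business impact and therefore requiring remediation."""
    alert: Alert
    impact: str


def sample_events() -> List[Event]:
    """Constructed event stream: two brute-force-then-success sequences on different assets."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for i in range(6):
        events.append(Event(t0 + timedelta(seconds=10 * i), "login_failure", "10.0.0.5", "payroll-db"))
    events.append(Event(t0 + timedelta(seconds=70), "login_success", "10.0.0.5", "payroll-db"))
    for i in range(6):
        events.append(Event(t0 + timedelta(minutes=5, seconds=10 * i), "login_failure", "10.0.0.9", "dev-wiki"))
    events.append(Event(t0 + timedelta(minutes=6, seconds=10), "login_success", "10.0.0.9", "dev-wiki"))
    return events


def correlate(events: List[Event], threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> List[Alert]:
    """Assumed SIEM-style rule: >= threshold failures from one actor against one asset
    inside the window, followed by a success, yields one alert per (actor, asset)."""
    grouped: Dict[Tuple[str, str], List[Event]] = {}
    for e in sorted(events, key=lambda e: e.ts):
        grouped.setdefault((e.actor, e.asset), []).append(e)

    alerts: List[Alert] = []
    for (actor, asset), seq in grouped.items():
        for idx, e in enumerate(seq):
            if e.kind != "login_success":
                continue
            prior = [p for p in seq[:idx] if p.kind == "login_failure" and e.ts - p.ts <= window]
            if len(prior) >= threshold:
                alerts.append(Alert("brute_force_then_success", prior + [e], actor, asset))
                break  # one alert per actor/asset pair is enough for triage
    return alerts


# Assumed business-impact table: assets missing from it carry no recognised business impact.
CRITICAL_ASSETS: Dict[str, str] = {"payroll-db": "high", "crm": "medium"}


def triage(alert: Alert) -> Optional[Incident]:
    """Escalate an alert to an incident only when the affected asset has business impact."""
    impact = CRITICAL_ASSETS.get(alert.asset)
    if impact is None:
        return None  # stays an alert for analyst review; not an incident by the page's definition
    return Incident(alert, impact)


def run(events: List[Event]) -> Tuple[List[Alert], List[Incident]]:
    """Full chain: events -> alerts (correlation) -> incidents (business-impact triage)."""
    alerts = correlate(events)
    incidents = [inc for inc in (triage(a) for a in alerts) if inc is not None]
    return alerts, incidents


if __name__ == "__main__":
    alerts, incidents = run(sample_events())
    print(f"{len(alerts)} alert(s), {len(incidents)} incident(s)")
    for inc in incidents:
        print(f"incident: {inc.alert.rule} on {inc.alert.asset} by {inc.alert.actor}, impact={inc.impact}")
```

Both sequences trip the rule and produce alerts, but only the one touching `payroll-db` becomes an incident; the `dev-wiki` alert remains queued for review. Separating correlation from triage keeps the monitoring rule free of business context, which is the distinction the definitions above draw between an alert and an incident.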