SIEM @Home
I’m already mentioned in my previous article about Traffic Analysis in Qubes OS, that the IDS system alerts and logs should be passed to a log management system where we can correlate them with other logs and alerts. That system can be called SIEM
However a real SIEM system makes sense in an enterprise environment only, because it is requires 7×24 monitoring, and it is also needs special knowledge and experience to analyze the results.