Question
Nearly all SIEMs include two critical functions: (1) the ability to analyze data using aggregations, charts, graphs, reports, etc., and (2) the ability to generate alerts (email, SMS, web or app popups, etc.) based on built-in or customizable detections. These charts, graphs, and alerts can also be added to customizable web pages and presented as a dashboard that allows analysts to quickly examine large amounts of information for irregularities. Some SIEMs also provide additional functionality, such as built-in machine learning or AI functions. Some of these functions are used to improve the detection of malicious activity. You may want to explore specific tools such as Kibana, Grafana, Splunk, or other tools.
- What value would aggregations and calculations provide that cannot be provided by the raw or processed logs themselves?
- Why would the alerting function be important?
- What types of information would be valuable for displaying in charts or graphs?
- What types of alerts would be helpful?
- What types of statistical analysis do some of these tools provide?
- Why might a basic understanding of data analysis and statistics be practical when working with these tools?
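The following script is an added example, not part of the original question or of any SIEM product, that makes the first two discussion points concrete: it parses a handful of constructed SSH-style auth log lines, builds the per-source aggregation a raw log view cannot give directly (failures, successes, and distinct target accounts per source IP), runs rule-based detections over that aggregate, and adds a simple statistical detection (z-score against a constructed hourly baseline). The log format, the field names, the RFC 5737 documentation addresses, the thresholds, and the baseline numbers are all assumptions chosen for illustration.

```python
"""SIEM-style aggregation and alerting over constructed auth log lines.

Added example, not from the original page. The syslog-like format, the
thresholds and the baseline values are assumptions, not any vendor's defaults.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events for one hour. 203.0.113.7 and 198.51.100.4 are
# RFC 5737 documentation addresses, not real hosts.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
2024-05-01T10:00:03Z sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2
2024-05-01T10:00:05Z sshd[103]: Failed password for invalid user oracle from 203.0.113.7 port 5003 ssh2
2024-05-01T10:00:07Z sshd[104]: Failed password for invalid user test from 203.0.113.7 port 5004 ssh2
2024-05-01T10:00:09Z sshd[105]: Failed password for alice from 203.0.113.7 port 5005 ssh2
2024-05-01T10:00:11Z sshd[106]: Accepted password for alice from 203.0.113.7 port 5006 ssh2
2024-05-01T10:05:00Z sshd[107]: Accepted publickey for bob from 198.51.100.4 port 6001 ssh2
2024-05-01T10:09:30Z sshd[108]: Failed password for bob from 198.51.100.4 port 6002 ssh2
2024-05-01T10:09:40Z sshd[109]: Accepted password for bob from 198.51.100.4 port 6003 ssh2
"""

# Constructed baseline: failed logins per hour over the previous 12 hours.
BASELINE_HOURLY_FAILURES = [3, 2, 4, 3, 3, 2, 3, 4, 3, 2, 4, 3]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Turn raw lines into structured events. Unparseable lines are dropped here;
    a production pipeline should count them, since parser drift silently hides data."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def aggregate_by_source(events):
    """Per-source counts of failures, successes and distinct target accounts.
    This is the view that distinguishes a typo from a brute-force attempt: the
    individual 'Accepted password' lines look identical in the raw log."""
    agg = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for e in events:
        bucket = agg[e["ip"]]
        bucket["failed" if e["outcome"] == "Failed" else "accepted"] += 1
        bucket["users"].add(e["user"])
    return dict(agg)


def rule_alerts(agg, fail_threshold=5, spray_threshold=4):
    """Rule-based detections over the aggregate (thresholds are assumptions)."""
    alerts = []
    for ip, b in sorted(agg.items()):
        if b["failed"] >= fail_threshold:
            sev = "high" if b["accepted"] else "medium"
            suffix = " followed by a successful login" if b["accepted"] else ""
            alerts.append(f"[{sev}] {ip}: {b['failed']} failed logins{suffix}")
        if len(b["users"]) >= spray_threshold:
            alerts.append(f"[medium] {ip}: password spraying across {len(b['users'])} accounts")
    return alerts


def zscore(value, baseline):
    """How many standard deviations `value` sits above the baseline mean."""
    sd = pstdev(baseline)
    if sd == 0:  # flat baseline: any increase is an outlier, any decrease is not
        return float("inf") if value > mean(baseline) else 0.0
    return (value - mean(baseline)) / sd


def baseline_alert(events, baseline, sigma=3.0):
    """Statistical detection: alert when this hour's failure count is an outlier
    relative to the historical hourly counts. Returns None when within normal range."""
    failures = sum(1 for e in events if e["outcome"] == "Failed")
    z = zscore(failures, baseline)
    if z > sigma:
        return (f"[medium] {failures} failed logins this hour "
                f"(z={z:.1f}, baseline mean={mean(baseline):.1f})")
    return None


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    agg = aggregate_by_source(evs)
    stat = baseline_alert(evs, BASELINE_HOURLY_FAILURES)
    for a in rule_alerts(agg) + ([stat] if stat else []):
        print(a)
```

Run as-is, the script raises two rule alerts for 203.0.113.7 (a brute-force run that ends in a successful login for alice, and five distinct accounts tried from one source) and none for 198.51.100.4, whose single failure followed by success is ordinary user behaviour. The statistical check fires because six failures in the hour sits well above the constructed baseline's mean of 3.0; the sigma threshold is where a basic grasp of standard deviations decides how noisy the alert will be.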