"The present document defines and describes the various concepts and areas of a whole SIEM approach@ which involves SOCs@ CSIRTs and Security governance teams. A SIEM approach is usually associated with one or more of the following six major aims: ? To monitor in real-time security events@ i.e. detection of those able to avoid existing preventative measures. ? To improve the communication and management of residual risks associated with previous security events@ by means of the implementation of a reaction (immediate or not) and of protective measures. ? To ensure security policy enforcement@ also called continuous checking (a term borrowed from the banking industry)@ by monitoring non-conformities and implementing feedback processes. ? To investigate security events with evidence collection@ according to a code of practise called ""forensic"". ? To draw up detailed reports@ using follow-up indicators which are often new and intended to complete existing security dashboards. ? To plan security@ with the aim of streamlining the future security investments by measuring precisely the efficiency level of existing ones. The target groups of the present document are heads of detection and reaction teams@ heads of Cyber defence teams and heads of security governance (CISOs)."