@@ -214,8 +214,15 @@ The following types of products have reduced or varied requirements under the Cy
## 4.3 Product overview and architecture
SIEM systems have X basic functions, all related to collection, analysis, and reporting of security data.
_Explain the overall architecture and relationship among the parts of the products. Use diagrams if that is helpful._
SIEM systems collect, analyse, and correlate data from multiple sources to present as actionable information for security-related purposes. Components include:
* Software that collects information from the devices being monitored
* Software that collects information on the local device and makes available to the collection server
* Software that analyses, compresses, filters, and/or deletes collected information as it arrives
* Software that stores collected information
* Software that generates events or alerts from collected information
Any component other than the software that collects data on the local device can be provided either as software provided to the user to run on its own devices, or as a remote data processing solution (RDPS).
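Review bot: The sentence "SIEM systems have X basic functions" still carries an unresolved placeholder, and the italic template prompt "_Explain the overall architecture and relationship among the parts of the products. Use diagrams if that is helpful._" sits between it and the actual description. Either replace "X" with a count that matches the component list below it (five bullets as written) or drop that sentence, since the paragraph starting "SIEM systems collect, analyse, and correlate data" already covers it, and remove the prompt once the section text is final. The first two bullets are also hard to tell apart: "collects information from the devices being monitored" and "collects information on the local device and makes available to the collection server" could both describe an on-device agent. The closing paragraph relies on that distinction to say which component cannot be delivered as an RDPS, so state explicitly which bullet is the on-device collector and which is the server-side collection component, and reuse the same wording ("information" versus "data") in the final paragraph. Minor: the second bullet needs an object, "makes it available to the collection server".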