As you learned in chapter 7, enabling threat detection for commonly used resource types in Azure (such as your virtual machines [VMs], containers, and storage accounts) notifies you about suspicious activities and potential signs of compromise in your Azure environment. In addition to infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) resources, many organizations use software-as-a-service (SaaS) applications (such as Microsoft 365 or SAP). To complicate things further, large enterprises typically have many resources on-premises (and even in other public cloud providers such as AWS or Google Cloud Platform).
How do you detect threats across your entire digital estate (spanning IaaS, PaaS, SaaS, and on-premises)? Historically, organizations have relied on a system called Security Information and Event Management (SIEM), which gives them end-to-end visibility of their entire digital estate in a single dashboard.
Note
You can see how Gartner defines SIEM at http://mng.bz/XN4Y.