As the information flows transmitted between different information systems increase, the organizations that use these systems depend more and more on the continuity and accuracy of the processes running in them. Responding adequately to security threats that emerge in information systems requires tools for analyzing the large number of real-time events. SIEM systems are applied primarily to detecting and preventing network intrusions, but they can also be used to analyze traffic and determine whether it is useful or malicious.