SANS Analyst Program survey on log and event management, “Sorting through the Noise”: 22% of respondents use a security information and event manager (SIEM) to collect and analyze data, 58% use log-management systems, and the remainder rely on other means. Most respondents said one of the main reasons to collect logs is regulatory compliance, though 9% discounted the importance of that. Nearly all respondents said that “detecting and tracking suspicious behavior was important.”