Which of the following is the BEST type of program for an organization to implement to aggregate, correlate
and store different log and event files, and then produce weekly and monthly reports for IS auditors?

A.
A security information event management (SIEM) product

B.
An open-source correlation engine

C.
A log management tool

D.
An extract, transform, load (ETL) system

Explanation:
A log management tool is a product designed to aggregate events from many log files (with distinct formats and
from different sources), store them and typically correlate them offline to produce many reports (e.g., exception
reports showing different statistics including anomalies and suspicious activities), and to answer time-based
queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three
weeks?). A SIEM product has some similar features. It correlates events from log files, but does it online and
normally is not oriented to storing many weeks of historical information and producing audit reports. A
correlation engine is part of a SIEM product. It is oriented to making an online correlation of events. An extract,
transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production
data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL
does not correlate data or produce reports, and normally it does not have extractors to read log file formats.