A Security Event Management (SEM) service performs the following function:

A.
Gathers firewall logs for archiving

B.
Aggregates logs from security devices and application servers looking for suspicious activity

C.
Reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions

D.
Coordination software for security conferences and seminars.

Explanation:
B: SEM/SEIM systems have to understand a wide variety of different applications and network element (routers/switches) logs and formats; consolidate these logs into a single database and then correlate events looking for clues to unauthorized behaviors that would be otherwise inconclusive if observed in a single log file. Page 751.