Security Operations Centers SOCs use SIEMs and tools like Splunk that include SIEM functionality for a number of use cases including monitoring alerts and notifications correlating information from a number of security data sources and facilitating forensic investigations By integrating analysis data from a malware sandbox SOCs and CIRTs Computer