security Boxes E-Box (Event Box) event sources A-Box (Analysis Box) analyses events Counter-Measures-Box (Countermeasures Box) responding to attacks / malicious activities countermeasures D-Box (Database Box) logging auditing R-Box (Report Box)