Organisations generate millions of system logs every day from the likes of servers, firewalls and network devices. Their ability to process, analyse and react to this information affects how they will manage any security risks and incidents. To help process this data, many organisations implement a Security Incident and Event Management (SIEM) system or outsource to a Cyber Security Operations Centre (CSOC) for their monitoring, which provides a real-time analysis of security alerts.