Security Operations Centers (SOCs) monitor, detect, and respond to threats. SIEM (security information and event management) tools aggregate logs from across the environment and generate alerts for suspicious activity.
Example:
A SOC analyst receives an alert for repeated login failures and investigates, discovering a brute-force attack.
Exercise: Explore open-source SIEM tools like Wazuh or ELK Stack to practice log monitoring.