Many SIEM solutions are available, along with ML or AI modules, tools and add-ons on the market. Some of the ML/AI tools on offer use pure statistics for outlier detection, apart from the ML and AI algorithms that are the current hot topic.

What is tactical SIEM? If you are spending 80 percent of your time within a SIEM tool doing alert review and analysis, then you are on the right track. If you are an organization that is instead focusing heavily on collecting more data sources, applying patches, or running compliance reports, then your SIEM implementation may not be tactical. [2]

So correlation and alerting are the heart of SIEM. Some SIEM solutions have a strong correlation engine, while others are relatively weak. Some SIEM correlation engines are just filters, and some are no more than an Esper CEP query. Correlation is the key factor in SIEM success, so the emphasis here is on the correlation engine.
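To make the difference between a filter and a correlation rule concrete, the following Python code is an added example (not taken from the article or from any SIEM product). It runs a stateless filter and a stateful, time-windowed rule over the same constructed login events; the event fields, threshold, window and function names are assumptions chosen for the illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, source IP, user, outcome).
EVENTS = [
    (100, "10.0.0.5", "alice", "failure"),
    (130, "10.0.0.9", "bob", "failure"),
    (160, "10.0.0.5", "alice", "failure"),
    (200, "10.0.0.5", "alice", "failure"),
    (220, "10.0.0.5", "alice", "success"),
    (900, "10.0.0.9", "bob", "failure"),
    (2000, "10.0.0.9", "bob", "success"),
]

def filter_rule(events):
    """Stateless filter: one alert per matching event, with no context."""
    return [e for e in events if e[3] == "failure"]

def correlation_rule(events, threshold=3, window=300):
    """Stateful rule: at least `threshold` failures for one (source, user)
    pair within `window` seconds, followed by a success from that pair."""
    recent = defaultdict(deque)  # (source, user) -> recent failure timestamps
    alerts = []
    for ts, src, user, outcome in sorted(events):
        fails = recent[(src, user)]
        # Expire failures that have fallen out of the time window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if outcome == "failure":
            fails.append(ts)
        elif outcome == "success":
            if len(fails) >= threshold:
                alerts.append({"time": ts, "source": src,
                               "user": user, "failures": len(fails)})
            fails.clear()  # a success resets the sequence for this pair
    return alerts

if __name__ == "__main__":
    print("filter alerts:     ", len(filter_rule(EVENTS)))
    print("correlation alerts:", correlation_rule(EVENTS))
```

The filter raises an alert for every failed login, while the correlation rule raises a single alert for the one sequence an analyst would want to review.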