The process of continuously collecting and analyzing data to identify potential security threats. It is used in IT security to identify and respond to potential security breaches in real-time. Examples include using network intrusion detection systems to monitor network traffic for anomalies and using security information and event management (SIEM) tools to collect and analyze logs from multiple sources.