Another opinion on the matter
An Article Review by way of Dan's New Leaf
For years now we have been defining a SIEM as three teams working together as one. The Security Operations Center, the Blue Team, and the Incident Response Team gather around a database – what most MSSPs call a SIEM – to manage the risk arising from technology that can be addressed with monitoring.

There are three interactive processes that arise when we try to manage technology risk: Risk Measurement, Risk Response, and Risk Monitoring. Essentially, these are the three ways to manage risk. When you monitor risk, you’re not only monitoring the various decisions made when you respond to risk, but you are also monitoring for threats exploiting both known and possibly unknown vulnerabilities.
Thus, by way of an article review, I submit this article as the reason why you want three teams working together as one:

Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex
“Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.