When an attacker tries to harvest your systems, they leave a trail. You should be prepared beforehand. You have a lot of security devices, for example: firewalls, intrusion prevention and detection systems, web application firewalls, user access control, web servers, load balancers, mail gateways, routers, switches, HIDS, SIEM, MDM, proxies, DLP, vulnerability scanners, and other third-party apps. These devices are potential log sources. If you develop advanced log correlation techniques, you can catch attackers before security breaches and incidents occur. This repository was created for the non-profit development of special log correlation techniques.
# What is event correlation? (Wikipedia says)
Event correlation is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information. This is accomplished by looking for and analyzing relationships between events.
https://en.wikipedia.org/wiki/Event_correlation
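To make the definition concrete, here is an added example (not code from this repository) of one correlation rule that relates events from two log sources by source IP and time window. The event tuple layout, event type names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # correlation window (assumed value)
THRESHOLD = 3                   # failed logins required before a success (assumed)

# Constructed, already-normalized events: (timestamp, log source, source IP, type)
EVENTS = [
    ("2024-05-01T10:00:00", "ips",  "198.51.100.7", "scan_alert"),
    ("2024-05-01T10:00:30", "auth", "198.51.100.7", "login_failed"),
    ("2024-05-01T10:00:40", "auth", "203.0.113.9",  "login_failed"),
    ("2024-05-01T10:01:00", "auth", "198.51.100.7", "login_failed"),
    ("2024-05-01T10:01:20", "auth", "198.51.100.7", "login_failed"),
    ("2024-05-01T10:01:50", "auth", "203.0.113.9",  "login_success"),
    ("2024-05-01T10:02:10", "auth", "198.51.100.7", "login_success"),
    ("2024-05-01T10:20:00", "auth", "192.0.2.44",   "login_failed"),
    ("2024-05-01T10:40:00", "auth", "192.0.2.44",   "login_success"),
]

def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Return incidents: a login success preceded by >= threshold failures
    from the same IP inside the window. Severity is raised to "high" when
    an IPS alert for that IP falls inside the same window."""
    failures = defaultdict(deque)    # ip -> timestamps of recent failures
    ips_alerts = defaultdict(deque)  # ip -> timestamps of recent IPS alerts
    incidents = []
    for ts, source, ip, kind in sorted(events):  # ISO timestamps sort in time order
        now = datetime.fromisoformat(ts)
        for recent in (failures[ip], ips_alerts[ip]):
            while recent and now - recent[0] > window:
                recent.popleft()     # expire events that left the window
        if source == "ips":
            ips_alerts[ip].append(now)
        elif kind == "login_failed":
            failures[ip].append(now)
        elif kind == "login_success" and len(failures[ip]) >= threshold:
            severity = "high" if ips_alerts[ip] else "medium"
            incidents.append((ts, ip, len(failures[ip]), severity))
            failures[ip].clear()     # do not re-alert on the same burst
    return incidents

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

Out of nine events, only the success from 198.51.100.7 becomes an incident; the single mistyped password and the failure that aged out of the window are ignored.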
# What is Security Incident and Event Management? (SANS says)
Security Information and Event Management (SIEM) systems are a hybrid solution coming from two distinct security-related products: Security Information Management (SIM) systems, technologies focused upon policy and standards compliance through the consolidation of logs, the analysis of data and the reporting of findings; and Security Event Management (SEM) systems, which provide technical support in the management of threats, events and security incidents in real time.
The detection of events of interest can be performed through either functional group, with SEM supporting effective real-time monitoring capabilities and SIM providing an efficient means to wade through massive amounts of collected data records.