ETD

Digital archive of the theses discussed at the Università di Pisa

Thesis etd-09242015-093050


Thesis type
Master's thesis
Author
LIPILINI, JACOPO
URN
etd-09242015-093050
Title
A Simulation Based SIEM Framework to Attribute and Predict Attacks
Department
COMPUTER SCIENCE
Degree programme
COMPUTER SCIENCE AND NETWORKING
Supervisors
supervisor Prof. Baiardi, Fabrizio
Keywords
  • security; intrusion detection; SIEM; correlation;
Session start date
09/10/2015
Availability
Full
Abstract
We present a Security Information and Event Management (SIEM) framework to correlate, attribute and predict attacks against an ICT system. The output of the assessment of ICT risk, which exploits multiple simulations of attacks against the system, drives the building of a SIEM database. This database enables the SIEM to correlate sequences of detected attacks, to probabilistically attribute and predict attacks, and to discover 0-day vulnerabilities. After describing the framework and its prototype implementation, we discuss the experimental results on the main SIEM capabilities.