Standardization
One of the major problems in the SEM space is the difficulty in consistently analyzing event data. Every vendor, and indeed in many cases different products by one vendor, uses a different proprietary event data format and delivery method. Even in cases where a "standard" is used for some part of the chain, like Syslog, the standards don't typically contain enough guidance to assist developers in how to generate events, administrators in how to gather them correctly and reliably, and consumers to analyze them effectively.
As an attempt to combat this problem, a couple parallel standardization efforts are underway. First, The Open Group is updating their circa 1997 XDAS standard, which never made it past draft status. This new effort, dubbed XDAS v2, will attempt to formalize an event format including which data should be included in events and how it should be expressed. The XDAS v2 standard will not include event delivery standards but other standards in development by DMTF may provide a wrapper.
In addition, MITRE is also in the midst of a standardization effort called CEE that is somewhat broader in scope - it attempts to define an event structure as well as delivery methods.
Read more about this topic: Security Event Manager