Some software agents can incorporate local filters to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident.
[2] The security console is monitored by an administrator who reviews the consolidated information and takes action in response to any alerts issued.
[3][4] The data that is sent to the server to be correlated and analyzed are normalized by the software agents into a common form, usually XML.
[3][4] The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach.
Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' or policy violations by using data collection techniques.