Let’s start with the easy stuff. Kirk, so emotional and brand-conscious -- he would buy Splunk for SIEM. First, he would ask for the Splunk people to provide an alien chick to assist in the evaluation, but that is stuff for another blog.
Janeway would write her own SIEM, and fail wildly. Tuvok would shrug it off as just another failure... Chakotay would support Janeway in her wild failure, calmly saying some native stuff to soothe her.
But Picard, he would be likely to buy SolarWinds Log & Event Manager (LEM) for his SIEM. Understated, full-function SIEM. He would weigh the pros, the cons, and he would hate the hype and high prices other vendors demand for SIEM.
Spock would likewise choose LEM. So would Data. The logical guys would choose LEM. They would likely create an Excel pivot table to prove this was the right decision. Heck, Data could do SIEM himself, but that would distract him from achieving humanity.
Troi would intuit the failures of others, and feel the pain of ArcSight, and its 18-month deployment. She would feel the pain of LogRhythm, being out there all alone.
Scotty would say, “Captain, it will take 48 months to implement SIEM with ArcSight, but I can do it in 18 months.”
Riker would say, “What is a SIEM? Let’s send Captain Picard to Risa to get one!”
Q would say, “When will the human race figure out LEM is the obvious choice? Let’s hold court.”
On the other hand, Worf would just phaser all the computers and be done with it... An attractive option. An extremely attractive option. Since that is not an option for you, please check out LEM.