Management of events and incidents is one of the cornerstones of any service. Traditionally, event management frameworks are reactive. The SIEM (Security Information and Event Management) approach enables near-real-time event management as well as proactive management of security incidents and events for IT infrastructures. However, commercially available SIEM solutions are not able to interpret high-level data from the service view or the business impact view. Another limitation of SIEMs is scalability: current solutions depend on centralized rule processing performed on a single node.

One of the most challenging domains, for SIEMs and beyond, is the protection of critical infrastructures. Over the last few years, there has been growing understanding of security risks related to (targeted) cyber-attacks against critical infrastructures in all sectors (dams, energy, transport, etc.). Critical infrastructure networks are very different from other IT infrastructures: most of the endpoint actors are machines rather than people, their malfunction can have immediate physical consequences, and they are more likely to be targeted by malicious adversaries.