To provide a security incident detection system that allows even middle-ranked enterprises and small and mid-sized enterprises to easily introduce without imposing high costs, burdening endpoints, or requiring specialized personnel.SOLUTION: A security incident detection system 1 includes a user terminal 20 provided at an enterprise and a server device 10 capable of mutually communicating with the user terminal 20 via a network. The user terminal 20 periodically collects log information 211 and transmits it to the server device 10. When receiving the log information 211, the server device 10 analyzes the log information 211, creates an analysis report 115P in enterprise units, and transmits the created analysis report 115P to a manager of the enterprise.SELECTED DRAWING: Figure 1
展开▼