In this presentation, I will talk about all the distinctive characteristics of botnet behavior and more specifically, how we can detect it using effective solutions while avoiding over flood of false positives. How we can collect pieces of information across the IT infrastructure and, by using multiple layers of correlation as well as context metadata, succeed in detecting botnet infection and activity. Moreover, I will present how we can profit out of this enrichment of raw data with context in order to build and deploy Indicators of Compromise (IOC) so as to further enhance detection. All that is made possible by making use of a fairly new trend in the security world called Security Information and Event Management or SIEM for short. During the last years, many great actors in IT security made sure to acquire a company offering SIEM technology, foreseeing a rise in demand for such solutions.