What is the difference between a SIEM and a SOC, captured by a "pan vs restaurant" analogy?
A SIEM is just a tool (a pan you cook with yourself); a SOC is the whole capability — people, process and tools — that delivers the finished outcome (a restaurant that serves you the meal).
* SIEM vs SOC — a SIEM is one tool (the pan); a SOC wraps people, process and tools (the restaurant). *
A SIEM (Security Information and Event Management) system collects, aggregates and correlates logs and alerts — but on its own it's like being handed a frying pan and told "have fun cooking at home". A SOC wraps that tool inside trained analysts and defined processes so you "visit a restaurant and enjoy the food that is served". The point: buying a SIEM does not give you security operations; you still need the people and process around it to actually detect and respond.
Go deeper:
SIEM (Wikipedia) — SIEM aggregiert/korreliert Logs und ist Kern des SOC, bleibt aber selbst nur das Werkzeug.