Authors
Miguel Martín-Pérez
Pablo de Juan Fidalgo
Antonio Álvarez
Rodrigo Díaz
Date
Location
IEEE / 2023 JNIC Cybersecurity Conference (JNIC)

The fact that more and more Cyber-Physical or IoT systems are integrated in vehicle fleets, coupled with the growing connectivity of these devices, poses a higher risk of cyber attacks due to the increased attack surface. To mitigate this problem, we propose and test a collaborative system of Security Information and Event Management (SIEM) systems, where each node has its own autonomous SIEM (allowing the execution of mitigation actions even when the node is isolated) but shares its context information with the nearby nodes, improving the correlation intelligence to make better-informed decisions. The SIEMs are organised in a hierarchy, following the architecture of the monitoring system, where higher SIEMs collect events and alarms from lower SIEMs to make more general decisions and raise alarms. These alarms are forwarded to lower SIEMs to mitigate or prevent attacks on other nodes in the system. This system has been implemented as part of the CPSoSaware project and tested in three scenarios: local, area and global, focusing the demonstrations on the different layers of the project architecture.