Great @ Splunk… transition to AlienVault easy?

So the majority of my career has been spent balls deep in logs using Splunk. I have massive imposter syndrome, but I've come full circle and realise I'm actually pretty decent at it. Especially with IR and threat hunting and customised application logging for 3rd-party apps.

There's a job offer coming up, I feel, however this company uses AlienVault. I only did a day's course several years ago, but remember AlienVault being a confusing mess trying to get custom alerting set up.

Questions…

  1. Is the learning curve fairly shallow switching from Splunk to AlienVault?
  2. I'm also getting the vibe that you can't drill down into raw logs like you can with SPL, is this true?
  3. Are there any curve balls I should be expecting?
