So the majority of my career has been spent balls deep in logs using Splunk. I have massive imposter syndrome, but I've come full circle and realise I'm actually pretty decent at it, especially with IR, threat hunting and customised application logging for third-party apps.
There's a job offer coming up, I feel; however, this company uses AlienVault. I only did a day's course several years ago, but I remember AlienVault being a confusing mess when trying to get custom alerting set up.
- Is the learning curve fairly shallow switching from Splunk to AlienVault?
- I'm also getting the vibe that you can't drill down into raw logs like you can with SPL. Is this true?
- Are there any curveballs I should be expecting?