Quote:
Originally Posted by Unregistered
Generally it is okay, as a lot of orgs use Splunk as a SIEM. Understand the concepts and fundamentals, as SIEMs are almost the same in the correlation or use-case mechanism. Some orgs might move away from Splunk in the future, yes and no, as the SIEM market is pretty competitive. But I would say most, or all, SOCs require a SIEM; it is just which one? A different SIEM is selected depending on the threat eco landscape or the security products the company selects.
Good luck
Thanks for your reply. I agree with your point about understanding the concepts and fundamentals. Even if companies move away from Splunk in the future, the knowledge of log correlation/use cases will still be valuable.