I'd say there are two different paths if you wanna advance in cybersec. 1. Start from low-level SOC positions and gain technical expertise. This way you start from the organizational perspective and work gradually on your technical skill which allows you to understand the processes first and gain technical insight later 2. Start from IT-related experience and apply your knowledge to security matters. Here you typically start with a technical expertise in administration and/or programming and apply your understanding of technical stuff in a security context. There is no single "one size fits all" response. And there is no shortcut for experience. ... View more

Hi, As per the query you posted, here is the possible solution I managed to get which you can follow-  Open your snort logs in the tool or platform you are using for log analysis. Look for a feature or option that allows you to define custom extraction rules or create new fields based on the log data. This may vary depending on the specific tool you are using. Find the option to add a new field or define a custom extraction rule. Name the new field "Priority" or any desired name. Specify the extraction rule for the "Priority" field. In this case, you want to extract the string value. Depending on the tool, you may need to provide a regular expression or a pattern that matches the desired string. For example, you could use a pattern like Priority : (\d) to capture the priority value. Adjust the pattern as per your specific log format. Save the new field or extraction rule. Apply the newly created "Priority" field to your log analysis or visualization. Depending on the tool, you may need to re-run the analysis or refresh the visualization. Once the "Priority" field is applied, you should be able to generate a pie chart by searching for snort | top Priority. This should display the different priority values as distinct slices in the chart. By defining a custom extraction rule or field (https://docs.splunk.com/Documentation/Splunk/9.1.0/Data/Configureindex-timefieldextraction) for the priority value, you can ensure that it treats different values, such as "Priority : 3" and "Priority : 2", as separate entities rather than merging them into a single value. Note: The specific steps may vary depending on the log analysis tool or platform you are using. Please consult the documentation or support resources for your specific tool for more accurate instructions tailored to your environment. Also, this Splunk certification resource will help you understand it more better. ... View more

@RaviSingh  Thank you for your reply....I  was asking more about how to achieve the bucket size and time for an index..Iwant to know the configs or stanzas that needs in inputs.conf... your reply is more of generic ... View more

@RaviSingh Please follow the below links as per your requirements: 1. Installing splunk on linux including creating splunk user and opening splunk port follow this link: https://blog.avotrix.com/installing-splunk-on-vm/ 2. Just looking for installing splunk in linux and not linux steps as above, please follow this link: https://splunkonbigdata.com/how-to-install-splunk-on-linux-server/ Also Splunk provided detailed video on splunk portal for installing splunk on linux which can be followed using this link: https://www.splunk.com/en_us/resources/videos/installing-splunk-enterprise-on-linux.html Also if this reply helped you in solving your problem, an up-vote would be appreciated. ... View more