I do many things, one of them being incident response, so I look at a lot of log files, and no, I'm not one of those 24-hour rookie SOC team guys; level 1 gives me WAF alerts to analyze (baller son baller!?!)
I also work closely with developers and debug some hardcore issues, like why CSRF token implementations are failing on a web application platform, etc.
I also do a lot of identity provider and authentication work, mostly PingFederate and SiteMinder.
...and much more I can't talk about.
This explains why a lot of logs hath been viewed 8)
As for ELK, I don't even know what that is; I had to Google it, and after Googling, yeah, we use Logstash and Kibana. It's one of the many tools I use to investigate production issues.