I am a Ph.D. candidate. I am trying to compare SIEM systems based on some capabilities. I had issues with installing AlienVault, so I checked some of the issues using the demo platform. For the others I have to ask you, the experts on the platform, to get correct information.
One of my concerns is to understand how to search multiple data sources that share the same fields, or have fields that enable joining these data sources. For example, I have projects, alerts and scans files. Can I upload these files and make queries such as:

SELECT alerts.* FROM alerts, projects WHERE alerts.project = 'yyy' AND projects.project = alerts.project AND projects.start > 'xxx'
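As an added illustration (editor's example, not part of the original question and not a statement about what AlienVault or any other SIEM supports), the join the question describes can be run over the three uploaded sources with SQLite as a stand-in. The table and column names (projects, alerts, scans, the shared `project` key, an ISO `start` date) and all rows are constructed assumptions. The example also goes one step beyond the question: a LEFT JOIN summary across all three sources that keeps alerts whose project has no matching projects row, which an inner join silently drops.

```python
"""Cross-source join over constructed projects / alerts / scans tables.

Editor's example using SQLite as a stand-in for a SIEM's query layer.
All table names, columns and rows below are constructed, not real data.
"""
import sqlite3

# Constructed sample rows. Dates are ISO-8601 text so string comparison
# orders them correctly.
PROJECTS = [  # (project, start)
    ("alpha", "2023-01-10"),
    ("beta", "2023-03-01"),
    ("gamma", "2023-02-15"),
]
ALERTS = [  # (id, project, signature, severity)
    (1, "alpha", "brute force", "high"),
    (2, "alpha", "port scan", "low"),
    (3, "beta", "malware", "high"),
    (4, "delta", "malware", "medium"),  # 'delta' has no projects row
]
SCANS = [  # (id, project, hosts_found)
    (10, "alpha", 12),
    (11, "beta", 3),
]


def build_db() -> sqlite3.Connection:
    """Load the three constructed sources into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE projects (project TEXT PRIMARY KEY, start TEXT NOT NULL);
        CREATE TABLE alerts (id INTEGER PRIMARY KEY, project TEXT NOT NULL,
                             signature TEXT NOT NULL, severity TEXT NOT NULL);
        CREATE TABLE scans (id INTEGER PRIMARY KEY, project TEXT NOT NULL,
                            hosts_found INTEGER NOT NULL);
        """
    )
    conn.executemany("INSERT INTO projects VALUES (?, ?)", PROJECTS)
    conn.executemany("INSERT INTO alerts VALUES (?, ?, ?, ?)", ALERTS)
    conn.executemany("INSERT INTO scans VALUES (?, ?, ?)", SCANS)
    conn.commit()
    return conn


def alerts_for_project(conn: sqlite3.Connection, project: str, started_after: str):
    """The query from the question: alerts.* for one project whose start date
    is after the threshold. Values are bound as parameters, never pasted into
    the SQL text, so a hostile project name cannot change the query."""
    sql = """
        SELECT alerts.*
        FROM alerts
        JOIN projects ON projects.project = alerts.project
        WHERE alerts.project = ? AND projects.start > ?
        ORDER BY alerts.id
    """
    return conn.execute(sql, (project, started_after)).fetchall()


def project_summary(conn: sqlite3.Connection):
    """One row per project seen in alerts, joined to the other two sources.
    LEFT JOIN keeps alerts whose project is unknown (start/hosts come back as
    None); COUNT(DISTINCT ...) avoids inflating counts when a project has
    several scans."""
    sql = """
        SELECT alerts.project,
               projects.start,
               COUNT(DISTINCT alerts.id) AS alert_count,
               MAX(scans.hosts_found)    AS hosts_found
        FROM alerts
        LEFT JOIN projects ON projects.project = alerts.project
        LEFT JOIN scans    ON scans.project    = alerts.project
        GROUP BY alerts.project
        ORDER BY alerts.project
    """
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in alerts_for_project(db, "alpha", "2023-01-01"):
        print(row)
    for row in project_summary(db):
        print(row)
```

The inner join in `alerts_for_project` is what the question's query expresses: alert 4 (project "delta") is invisible to it because no projects row matches, which is exactly the case `project_summary` surfaces with a `None` start date. Whether a given SIEM can express either form against uploaded files is the question the post is asking and is not answered by this example.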