i want to learn Threat Detection/ Detection engineering.

Is it worth investing time in learning how to write custom Snort rules from scratch, or is it better to spend my time on something else and just update published rules if i were to work as an analyst?

Aside from Snort, Splunk, and basic rule writing, what other skills or tools should I prioritize learning to become a proficient detection engineer? I've heard about forensics (network and memory analysis), YARA, Sigma, and the ELK stack—how important are these in …

analyst basic cybersecurity detection detection engineering engineering investing learn rules skills snort splunk threat threat detection tools update work writing