Which product(s) would you use to detect, triage, and act on privilege escalation, and how would you then proceed in doing so?
Hi
If this is your only issue to find, then core Splunk is enough. But I suppose that you will have some more issues in your mind, or at least those will come later 😉
Personally, I propose that you contact some local Splunk Partners who can help you look at your needs and then select with you the correct product/apps for this. Here are some options which could fulfil your (future) needs:
Or something else based on your real needs, which depend on your company's needs.
r. Ismo
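As an added illustration of what "core Splunk is enough" can look like for the detect/triage part of the question (this is example code, not part of the reply above and not a Splunk-supplied search): a saved search over Windows Security events that flags accounts being added to security groups or logging on with special privileges, suppresses accounts already on an allow-list, and scores the rest for an analyst. It assumes Windows Security logs indexed as `index=wineventlog` with `sourcetype="WinEventLog:Security"`, the `EventCode`, `user`, `host`, `Member_Name` and `Group_Name` fields as extracted by the Splunk Add-on for Microsoft Windows (field names are assumptions; check yours), and a hypothetical lookup file `known_admins.csv` with columns `user` and `is_known_admin`.

```spl
index=wineventlog sourcetype="WinEventLog:Security"
    (EventCode=4672 OR EventCode=4728 OR EventCode=4732 OR EventCode=4756)
| eval signal=case(
      EventCode==4672, "special_privileges_at_logon",
      EventCode==4728, "added_to_global_security_group",
      EventCode==4732, "added_to_local_security_group",
      EventCode==4756, "added_to_universal_security_group")
| eval target=coalesce(Member_Name, user)
| lookup known_admins.csv user AS target OUTPUTNEW is_known_admin
| fillnull value="false" is_known_admin
| where is_known_admin!="true"
| stats count, earliest(_time) AS first_seen, latest(_time) AS last_seen,
        values(signal) AS signals, values(Group_Name) AS groups,
        values(host) AS hosts BY target
| eval severity=if(mvcount(signals)>1 OR isnotnull(groups), "high", "medium")
| convert ctime(first_seen) ctime(last_seen)
| sort severity, - count
```

Event 4672 fires on every logon by an account that already holds admin rights, so on its own it is noisy; the search treats it as "medium" and only raises "high" when the same account also appears in a group-membership change (4728/4732/4756) in the same window. Saved as an alert (for example over the last 24 hours, scheduled hourly, triggered when results exist), the "act on" step is the alert action you attach to it: email or a ticket in core Splunk, or a notable event if Enterprise Security is in use. The `known_admins.csv` allow-list is the triage shortcut, so keep it reviewed; an attacker who can edit lookups could hide in it, which is a reason to restrict write access to that file.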