Splunk Enterprise

Which product(s) would you use to detect, triage, and act on privilege escalation?

thos13
Explorer

Which product(s) would you use to detect, triage, and act on privilege escalation, and how would you then proceed in doing so?


isoutamo
SplunkTrust

Hi

If this is the only issue you need to find, then core Splunk is enough. But I suppose you have some more issues in mind, or at least those will come later 😉

Personally, I propose that you contact some local Splunk Partners who can help you look at your needs and then select the correct product/apps with you. Here are some options which could fulfil your (future) needs:

  • Core Splunk
  • Core Splunk with TAs to collect events
    • Unix / Linux TA
    • MS TAs based on the products you have in use
    • Some network gear TAs based on the products you use
  • Separate app over Core Splunk
    • InfoSec App for Splunk or
    • Splunk Security Essentials
    • Splunk Enterprise Security

Or something else based on your real needs, which depend on your company's needs.

r. Ismo

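To make the "core Splunk plus the Unix / Linux TA" option concrete, here is the kind of detection and triage logic a practitioner would build over the sudo, su and group-membership events that TA forwards from /var/log/auth.log. This is an added example written for this page, not code from the original answer or from Splunk; the log lines are constructed samples in auth.log style, and the rule names, weights and the flagging threshold are this example's own assumptions rather than any Splunk or vendor scoring scheme.

```python
"""Detect and triage Linux privilege-escalation activity from auth.log-style events.

Added example, not Splunk's code. Sample lines below are constructed, not real data.
Rule names, weights and the threshold are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Constructed sample in /var/log/auth.log format (the file the Unix / Linux TA forwards).
SAMPLE_AUTH_LOG = """\
Jun  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jun  3 09:12:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jun  3 09:13:05 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun  3 09:14:22 web01 su: (to root) bob on pts/1
Jun  3 09:15:10 web01 usermod[2231]: add 'bob' to group 'sudo'
Jun  3 09:16:00 web01 sudo:     bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/python3 -c import os;os.setuid(0);os.system("/bin/sh")
"""

# Syslog timestamp and host prefix shared by every pattern.
TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SUDO_RE = re.compile(
    TS + r"sudo:\s+(?P<user>\S+) : (?:(?P<fail>\d+) incorrect password attempts ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
SU_RE = re.compile(TS + r"su(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on (?P<tty>\S+)$")
GROUP_RE = re.compile(TS + r"usermod(?:\[\d+\])?: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'$")

ADMIN_GROUPS = {"sudo", "wheel", "admin", "root"}
# Interactive shell spawned as root, or a setuid(0) call smuggled through an interpreter.
SHELL_RE = re.compile(r"/(?:ba|da|z)?sh\b|setuid\(")
# Assumed weights: plain sudo use is baseline, changes to admin groups weigh most.
WEIGHTS = {"sudo": 0, "sudo_shell": 3, "sudo_failed": 2, "su_root": 2, "su_other": 1,
           "added_to_admin_group": 4, "group_add_other": 0}


def parse_auth_log(text):
    """Turn raw auth.log lines into event dicts; lines that match no pattern are skipped."""
    events = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SUDO_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "sudo"
            ev["failed"] = ev.pop("fail") is not None
            events.append(ev)
            continue
        m = SU_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "su"
            events.append(ev)
            continue
        m = GROUP_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "group_add"
            events.append(ev)
    return events


def classify(ev):
    """Map one event to a rule name (the detection step)."""
    if ev["kind"] == "group_add":
        return "added_to_admin_group" if ev["group"] in ADMIN_GROUPS else "group_add_other"
    if ev["kind"] == "su":
        return "su_root" if ev["target"] == "root" else "su_other"
    if ev["failed"]:
        return "sudo_failed"
    if ev["target"] == "root" and SHELL_RE.search(ev["cmd"]):
        return "sudo_shell"
    return "sudo"


def triage(events, threshold=5):
    """Aggregate rule hits per user so an analyst sees the chain, not isolated alerts."""
    per_user = defaultdict(lambda: {"score": 0, "rules": [], "hosts": set()})
    for ev in events:
        rule = classify(ev)
        entry = per_user[ev["user"]]
        entry["score"] += WEIGHTS.get(rule, 0)
        entry["rules"].append(rule)
        entry["hosts"].add(ev["host"])
    return {user: {"score": e["score"], "rules": e["rules"], "hosts": sorted(e["hosts"]),
                   "flagged": e["score"] >= threshold}
            for user, e in per_user.items()}


if __name__ == "__main__":
    for user, summary in triage(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        if summary["flagged"]:
            print(f"{user} on {','.join(summary['hosts'])}: score {summary['score']} "
                  f"via {' -> '.join(summary['rules'])}")
```

Run stand-alone it reports only bob, whose chain (failed sudo, su to root, addition to the sudo group, then a root shell through python) scores above the threshold, while alice's single root shell after a routine sudo stays below it. In core Splunk the same grouping would be a search over the Unix / Linux TA's sudo and su events aggregated per user; the sourcetype and field names depend on the TA version, so they are not reproduced here.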