Which product(s) would you use to detect, triage, ...

thos13 · ‎11-18-2022

Which product(s) would you use to detect, triage, and act on privilege escalation?

and how would you then proceed in doing so?

isoutamo · ‎11-18-2022

Hi

if this is your only issue to find then core splunk is enough. But I suppose that you will have some more issues in your mind or at least those will come later 😉

Personally I propose that you will contact some local Splunk Partners which can help you to look your needs and then select with you a correct product/apps for this. Here are some options which could fulfil your (future) needs:

Core Splunk
Core Splunk with TA's to collect events
- Unix / Linux TA
- MS TA's based on products which you have in use
- Some network gear TAs based on your used products
Separate app over Core Splunk
- InfoSec App for Splunk or
- Splunk Security Essentials
- Splunk Enterprise Serurity

Or something else based on your real needs which depends on your company needs.

r. Ismo

Which product(s) would you use to detect, triage, and act on privilege escalation?

troubleshooting

using Splunk Enterprise

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Which product(s) would you use to detect, triage, and act on privilege escalation?

troubleshooting

using Splunk Enterprise

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey