
7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5
7 Minute Security · Brian Johnson
November 17, 2021 · 39m 36s
Show Notes
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect:
- RDP from public IPs
- Password spraying
- Kerberoasting
- Mimikatz
- Recon net commands
- Hash dumping
- Hits on a "honey domain admin" account
- Users with non-expiring passwords
- Hits on the SSH/FTP/HTTP honeypot