7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect:
- RDP from public IPs
- Password spraying
- Kerberoasting
- Mimikatz
- Recon
net
commands - Hash dumping
- Hits on a "honey domain admin" account
- Users with non-expiring passwords
- Hits on the SSH/FTP/HTTP honeypot