To replace our current SIEM, Huntress SIEM needs to alert on auditor behaviour while the auditors are onsite running their tests.
Common detections:
  • Attempts to tamper with AV/EDR (stopping or disabling the agent)
  • Vulnerability scans from anything other than the approved scanner
  • Admin account manipulation (new accounts, privileged group membership changes)
  • SentinelOne alerts that someone is attacking domain security, surfaced in the SIEM
  • Lateral movement attempts (network/RDP logons fanning out across hosts)
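To make the list above concrete, here is an added example of the detection logic behind each bullet, run over constructed Windows-style events. This is illustrative code written for this note, not Huntress or SentinelOne rule syntax; the event IDs are the standard Windows ones (7036 service state change, 4688 process creation, 4728/4732/4756 privileged group membership added, 4624 logon with type 3 network or 10 RDP), while the allow-listed scanner address, service names, thresholds and the sample events are all assumptions.

```python
"""Tiny rule engine for the four detection categories, over constructed events."""
from collections import defaultdict

# Assumptions for the example: the one approved scanner, the EDR services we
# care about, and the thresholds. Tune these to the environment.
APPROVED_SCANNERS = {"10.0.5.20"}
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}
EDR_SERVICES = {"SentinelAgent", "WinDefend", "Sense"}
PORT_SCAN_THRESHOLD = 20      # distinct ports hit on one host by one source
LATERAL_HOST_THRESHOLD = 3    # distinct hosts one account reached over the network


def detect_edr_tamper(events):
    """AV/EDR tampering: EDR service stopped, or Defender real-time protection disabled."""
    alerts = []
    for e in events:
        if e.get("event_id") == 7036 and e.get("service") in EDR_SERVICES and e.get("state") == "stopped":
            alerts.append(("edr_tamper", e["host"], f"{e['service']} stopped"))
        if e.get("event_id") == 4688 and "DisableRealtimeMonitoring" in e.get("cmdline", ""):
            alerts.append(("edr_tamper", e["host"], "Set-MpPreference -DisableRealtimeMonitoring"))
    return alerts


def detect_unapproved_scan(events):
    """Port sweep from any source that is not the approved scanner."""
    ports = defaultdict(set)          # (src, dst) -> distinct destination ports
    for e in events:
        if e.get("type") == "netflow":
            ports[(e["src"], e["dst"])].add(e["dport"])
    return [("unapproved_scan", src, f"{len(p)} ports on {dst}")
            for (src, dst), p in ports.items()
            if len(p) >= PORT_SCAN_THRESHOLD and src not in APPROVED_SCANNERS]


def detect_admin_manipulation(events):
    """Member added to a privileged group."""
    return [("admin_manipulation", e["actor"], f"added {e['member']} to {e['group']}")
            for e in events
            if e.get("event_id") in (4728, 4732, 4756) and e.get("group") in PRIVILEGED_GROUPS]


def detect_lateral_movement(events):
    """One account logging on over the network/RDP to many distinct hosts."""
    hosts = defaultdict(set)          # account -> hosts reached via logon type 3 or 10
    for e in events:
        if e.get("event_id") == 4624 and e.get("logon_type") in (3, 10):
            hosts[e["account"]].add(e["host"])
    return [("lateral_movement", acct, f"network logons to {len(h)} hosts")
            for acct, h in hosts.items() if len(h) >= LATERAL_HOST_THRESHOLD]


def run_detections(events):
    alerts = []
    for rule in (detect_edr_tamper, detect_unapproved_scan,
                 detect_admin_manipulation, detect_lateral_movement):
        alerts.extend(rule(events))
    return alerts


# Constructed sample events (not real telemetry): an auditor stops the EDR,
# disables Defender, scans a server from an unapproved laptop, adds a service
# account to Domain Admins, and fans out to three servers. The approved
# scanner's sweep and an interactive logon by a normal user must NOT alert.
SAMPLE_EVENTS = [
    {"event_id": 7036, "host": "WS-014", "service": "SentinelAgent", "state": "stopped"},
    {"event_id": 4688, "host": "WS-014",
     "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    *[{"type": "netflow", "src": "10.0.5.20", "dst": "10.0.1.10", "dport": p} for p in range(1, 31)],
    *[{"type": "netflow", "src": "10.0.9.77", "dst": "10.0.1.10", "dport": p} for p in range(1, 26)],
    {"event_id": 4728, "actor": "auditor1", "member": "svc-test", "group": "Domain Admins"},
    {"event_id": 4624, "account": "auditor1", "host": "SRV-01", "logon_type": 3},
    {"event_id": 4624, "account": "auditor1", "host": "SRV-02", "logon_type": 3},
    {"event_id": 4624, "account": "auditor1", "host": "SRV-03", "logon_type": 10},
    {"event_id": 4624, "account": "jsmith", "host": "SRV-01", "logon_type": 2},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

The point of the allow-list in the scan rule is the second bullet: the approved scanner's sweep of thirty ports is silent, the auditor laptop's sweep of twenty-five is not. Whatever the real SIEM's rule language looks like, each of these four rules needs an equivalent, and the auditors' test cases are a good way to confirm they fire.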