Please give us details, because this seems unbelievable.

It's just basic EDR .. you have events that are flagged .. so on linux, let's say someone does something like setuid or setgid on a system file. Innocuous but potentially dangerous actions like this get flagged in the system.

These events are correlated against other actions that might have happened on the same system or other systems that the user had logged onto prior to this one.

Even if it's not the same user, the events are still correlated and alerted upon if suspicious. (both individually and holistically)

If users are using microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.
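The flow described in this comment (flag setuid/setgid changes on system files, then correlate the flagged events per account across hosts), as an added Python sketch that is not from the commenter or any EDR product; the JSON event format, the system-directory list and the two-host threshold are assumptions.

```python
"""Toy EDR-style correlation: flag setuid/setgid changes on system
binaries, then correlate flagged events per user across hosts.
Added illustration only; the line-per-event JSON format is constructed."""
import json
from collections import defaultdict

# Assumed "system file" locations; a real agent would use a fuller list.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/")
SETUID_BIT, SETGID_BIT = 0o4000, 0o2000

# Constructed sample: one chmod event per line, mode given in octal.
SAMPLE_LOG = """\
{"ts": 1, "host": "web01", "user": "alice", "path": "/usr/bin/find",  "mode": "4755"}
{"ts": 2, "host": "web01", "user": "bob",   "path": "/home/bob/tool", "mode": "4755"}
{"ts": 3, "host": "db01",  "user": "alice", "path": "/usr/sbin/sshd", "mode": "2755"}
{"ts": 4, "host": "db01",  "user": "carol", "path": "/usr/bin/vim",   "mode": "0755"}
"""


def is_flagged(ev):
    """Per-event check: setuid or setgid bit set on a file under a system dir."""
    mode = int(ev["mode"], 8)
    on_system_path = ev["path"].startswith(SYSTEM_DIRS)
    return on_system_path and bool(mode & (SETUID_BIT | SETGID_BIT))


def correlate(log_text, min_hosts=2):
    """Return (flagged events, per-user alerts).

    The holistic alert fires when the same account produced flagged events
    on at least `min_hosts` distinct hosts, i.e. the pattern repeats across
    systems the user touched rather than on a single machine."""
    events = (json.loads(line) for line in log_text.splitlines() if line.strip())
    flagged = [ev for ev in events if is_flagged(ev)]
    hosts_by_user = defaultdict(set)
    for ev in flagged:
        hosts_by_user[ev["user"]].add(ev["host"])
    alerts = {u: sorted(h) for u, h in hosts_by_user.items() if len(h) >= min_hosts}
    return flagged, alerts


if __name__ == "__main__":
    flagged, alerts = correlate(SAMPLE_LOG)
    for ev in flagged:
        print("flagged:", ev["host"], ev["user"], ev["path"], ev["mode"])
    for user, hosts in alerts.items():
        print("ALERT: %s set setuid/setgid on system files on %s" % (user, hosts))
```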

> If users are using microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.

Last I heard the "state actors" had access to AD master credentials.

Microsoft isn't the only company to provide a service like this, and the others are cross platform.

Or open source - security onion is amazing!

That looks like source available, not open source.

https://securityonionsolutions.com/license

> You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software.

Crowdstrike, for instance :^)

Hey, an outage is better than a hack...right?

A crashed machine is a secure machine.

That’s what grampy used to say

If you can't boot it, they can't hack it.