Secdo: Do you send out alerts? What do you alert on?

Created On 09/25/18 18:17 PM - Last Modified 07/19/22 23:08 PM


Resolution


We are not a detection system, nor do we plan to be. Most companies already have so many alerts that go to waste because they are never investigated that we see no point in adding more to the queue.

We do, however, let SECDO admins choose the notable events they want to know about for their correlative/enrichment value and send those back to a SIEM for further analysis (for example, open shares on machines, local admins, PowerShell scripts being executed, etc.).

