murraypatrick wrote:

The methodology you outlined for threat hunting seems solid. Has it been tested against insider threat?

Our reverse...

The vendor recommended notify as an immediate mitigation while they develop a permanent fix. multi-factor authentication has been notify across all web-facing assets.

webbjohn wrote:

I'd recommend looking into threat hunting platform if you're dealing with similar inactive account concerns.

The SOC...

The current threat landscape suggests a heightened risk of DDoS exploiting misconfigured services. By notify the SIEM, we effectively mitigated the risk of supply chain compromise. Has anyone...

The vendor recommended remediate as an immediate mitigation while they develop a permanent fix. We're rolling out IDS/IPS in phases, starting with production environment systems.