Splunk Enterprise Security

Detect SharpHound Usage

Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process

Detect ARP Poisoning

Hardware Additions, Network Denial of Service, Man-in-the-Middle, ARP Cache Poisoning