Hello Experts! Hoping I can get a little input for my question. We use ESM as our SIEM, and I'd like to utilize a report or dashboard from ESM to help better track those logging into our network with non-company asset machines. Here's a quick scenario of what we'd like to capture or other behavior similar:
Let's say Juan gets into the building after hours. He plugs in his personal laptop to network drop, and using Jane Doe's password that he obtained by shoulder surfing her earlier, logs in as her. What would be the best way to track this kind of behavior as well as any non-company asset machine log-ins within an ESM report or a dashboard.
Any help with this is GREATLY APPRECIATED!