WEEK_3 · DAY_17 · LAB

Lab 17 — Tour Splunk ES

Every dashboard, every menu, every concept inside ES

Lab Objectives

  • Navigate Security Posture, Incident Review, Investigations
  • Open Security Domains (Access, Endpoint, Network, Identity)
  • Find Risk Analysis, Threat Activity, and Asset Investigator
  • Understand the relationship between Splunk Core and ES

Lab Instructions

  1. Open the Splunk ES lab.
  2. Click every top-level tab: Posture, Incident Review, Investigations, Security Intelligence, Security Domains, Audit, Search, Configure.
  3. Open one Notable Event — read every field.
  4. Find the Risk Analysis dashboard. Identify the top 3 risk objects.