WEEK_3 · DAY_18 · LAB

Lab 18 — Triage 5 Notables

The analyst's daily workspace


Lab Objectives

  • Triage a Notable Event end-to-end
  • Use the Adaptive Response menu
  • Add events to an Investigation
  • Manage status, owner, urgency, comments

Lab Instructions

  1. Open Splunk ES → Incident Review.
  2. Open each of the 5 pre-loaded Notable Events.
  3. For each: read the contributing SPL, write a triage note, and decide whether to escalate or close.
  4. Connect them — these 5 notables tell ONE attack story.