Splunk App for Enterprise Security · v7.3.0
DAY 1 LAB · LAB 1 — TOUR THE SOC PLATFORM · Week 1
Tour the Splunk ES console — your daily workspace as a SOC analyst.
- Click each top-level tab: Posture, Incident Review, Investigations, Sec Intelligence, Sec Domains, Audit, Search, Configure.
- Open one Notable Event in Incident Review.
- Note which views you'd use every shift.
Hint: Every tab here is a real Splunk ES view. Posture is exec-level; Incident Review is your home.
Security Posture
Key Security Indicators · click a tile to drill into Incident Review
Notable Events By Urgency
| urgency | count |
|---|---|
| critical | 3 |
| high | 4 |
| medium | 2 |
| low | 1 |
| informational | 0 |
Notable Events Over Time
Top Notable Events
| rule_name | count |
|---|---|
| Brute Force - Failed Logins | 1 |
| Suspicious PowerShell EncodedCommand | 1 |
| Threat Match - Network | 1 |
| Lateral Movement - PsExec | 1 |
| Mass File Encryption | 1 |
| Phishing URL Clicked | 1 |
Top Sources
| src | count |
|---|---|
| 10.4.12.50 | 3 |
| 10.4.12.91 | 3 |
| 203.0.113.42 | 1 |
| 10.2.7.110 | 1 |
| Toronto/Berlin | 1 |