Splunk App for Enterprise Security · v7.3.0
DAY 18 LAB · LAB 18 — TRIAGE 5 NOTABLES · week 3
Triage 5 connected notable events — they tell ONE story.
- Open each of 5 notables.
- Read the contributing SPL on each.
- Connect them — phish → exec → C2 → lateral → ransom.
- Create an Investigation.
Hint: These 5 notables tell ONE story. Order them by time, connect by entity (akumar/admin_svc, 10.4.12.50/91).
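The ordering and entity pivot from the hint, as an added Python example that is not part of the lab or of Splunk. Times, domains, urgencies and risk scores are the five rows from Incident Review; which entity belongs to which notable is a constructed assumption, and the sixth row (`jdoe`, `192.0.2.10`) is constructed noise to show what stays out of the story.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Time, domain, urgency and risk are the five rows from Incident Review.
# The entity sets are CONSTRUCTED: the lab names the entities but does
# not say which notable carries which. The sixth row is constructed noise.
NOTABLES = [
    ("2026-05-07 12:30:44", "Endpoint", "critical", 98, {"admin_svc"}),
    ("2026-05-07 12:22:14", "Endpoint", "critical", 88, {"admin_svc", "10.4.12.50"}),
    ("2026-05-07 12:18:51", "Threat",   "high",     78, {"10.4.12.50"}),
    ("2026-05-07 12:11:08", "Endpoint", "critical", 92, {"akumar", "10.4.12.50"}),
    ("2026-05-07 12:04:22", "Access",   "high",     65, {"akumar"}),
    ("2026-05-07 12:15:00", "Network",  "low",      10, {"jdoe", "192.0.2.10"}),
]

def when(notable):
    return datetime.strptime(notable[0], FMT)

def build_chain(notables, seed):
    """Notables reachable from `seed` through shared entities, oldest first."""
    known, chain, pending = {seed}, [], list(notables)
    grew = True
    while grew:                      # repeat until no new notable links in
        grew = False
        for n in pending[:]:
            if n[4] & known:         # shares a user or host already in the story
                known |= n[4]
                chain.append(n)
                pending.remove(n)
                grew = True
    return sorted(chain, key=when), known

def pivots(chain):
    """Entities that link each notable to the next one in time order."""
    return [sorted(a[4] & b[4]) for a, b in zip(chain, chain[1:])]

if __name__ == "__main__":
    chain, known = build_chain(NOTABLES, "akumar")
    for n, link in zip(chain, [[]] + pivots(chain)):
        print(n[0], f"{n[1]:<8}", f"{n[2]:<8}", n[3], "linked via", link or "seed")
    print("entities in scope:", sorted(known))
```

Seeding from the last notable's entity instead of the first returns the same chain, because linking repeats until no further notable shares an entity with the set.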
Incident Review
5 events · Notable Events Timeline
5 of 5 matching
| Time | Domain | Title | Urgency | Status | Owner | Risk |
|---|---|---|---|---|---|---|
| 2026-05-07 12:30:44 | Endpoint | | critical | | | 98 |
| 2026-05-07 12:22:14 | Endpoint | | critical | | | 88 |
| 2026-05-07 12:18:51 | Threat | | high | | | 78 |
| 2026-05-07 12:11:08 | Endpoint | | critical | | | 92 |
| 2026-05-07 12:04:22 | Access | | high | | | 65 |