Splunk App for Enterprise Security · v7.3.0
DAY 2 LAB · LAB 2 — MAP A TRIAGE WORKFLOW · week 1
Triage 3 notable events as a Tier-1 analyst — escalate, contain, or close.
- Three notables landed in your queue.
- Write a 4-line note (Who/What/When/Action) on each.
- Decide: false positive, escalate to T2, or contain.
- Note the tier you'd hand off to.
Hint: Click a notable to open it. Use the SPL drilldown to confirm scope before deciding.
Incident Review
3 events · Notable Events Timeline
| Time | Domain | Title | Urgency | Status | Owner | Risk |
|---|---|---|---|---|---|---|
| 2026-05-07 12:41:00 | Identity | | medium | | | 42 |
| 2026-05-07 12:33:09 | Network | | medium | | | 35 |
| 2026-05-07 12:04:22 | Access | | high | | | 65 |