Splunk App for Enterprise Security · v7.3.0
DAY 23 LAB · LAB 23 — WALK A MALWARE ALERT · Week 4
Walk a malware alert — decode -enc, pivot to network, ship IOCs.
- Open N-2042.
- Decode the base64.
- Pivot to Sysmon EventCode=3 from same host.
- List IOCs + recommend EDR isolation.
Hint: winword.exe → powershell.exe with -enc is textbook macro malware. Always decode first.
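The four lab steps worked through in Python, as an added example that is not part of the lab or of Splunk's code: decode the `-enc` argument (base64 over UTF-16LE), pivot to Sysmon EventCode=3 on the same host and tie connections back to the spawned process by ProcessGuid, then list the IOCs. The Sysmon-style events, host names, GUIDs and the 198.51.100.23 / 203.0.113.10 addresses are constructed placeholders (documentation ranges), and the encoded stand-in only carries an indicator.

```python
import base64
import re

# Constructed lab data (not from Splunk or this lab): a PowerShell stand-in that
# only carries an indicator, and its -enc form (UTF-16LE, then base64).
CLEAR = "$u='http://198.51.100.23:8443/update.txt';Write-Output \"stand-in: $u\""
ENCODED = base64.b64encode(CLEAR.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed Sysmon-style events; field names follow Sysmon
    {"EventCode": 1, "Computer": "WS-LAB-17", "ProcessGuid": "{guid-ps-1}", "Image": PS,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"EventCode": 3, "Computer": "WS-LAB-17", "ProcessGuid": "{guid-ps-1}", "Image": PS,
     "DestinationIp": "198.51.100.23", "DestinationPort": 8443},
    {"EventCode": 3, "Computer": "WS-LAB-17", "ProcessGuid": "{guid-chrome}",  # same host, other process
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventCode": 3, "Computer": "WS-LAB-04", "ProcessGuid": "{guid-other}", "Image": PS,  # other host
     "DestinationIp": "198.51.100.23", "DestinationPort": 8443},
]
IOC_RE = re.compile(r"https?://[^\s'\"]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")

def decode_enc(cmdline):
    """Return the clear text behind -e/-enc/-EncodedCommand (or /enc), else None."""
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        if tok[:1] not in "-/":
            continue
        flag = "-" + tok.lower().lstrip("-/")  # powershell.exe accepts any prefix, plus -ec
        if flag == "-ec" or (len(flag) > 1 and "-encodedcommand".startswith(flag)):
            raw = toks[i + 1] + "=" * (-len(toks[i + 1]) % 4)  # restore stripped '=' padding
            try:
                return base64.b64decode(raw, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None  # not base64 / not UTF-16LE: do not guess
    return None

def triage(events, host):
    """Decode winword->powershell -enc on `host`, pivot to its EventCode=3 by ProcessGuid, list IOCs."""
    spawned = [e for e in events if e["EventCode"] == 1 and e["Computer"] == host
               and e["Image"].lower().endswith("powershell.exe")
               and e["ParentImage"].lower().endswith("winword.exe")]
    guids = {e["ProcessGuid"] for e in spawned}
    decoded = [d for d in (decode_enc(e["CommandLine"]) for e in spawned) if d]
    net = [e for e in events if e["EventCode"] == 3 and e["Computer"] == host]
    iocs = {m for d in decoded for m in IOC_RE.findall(d)}  # indicators inside the decoded script
    iocs |= {f"{e['DestinationIp']}:{e['DestinationPort']}" for e in net if e["ProcessGuid"] in guids}
    return {"host": host, "decoded": decoded, "host_connections": len(net),
            "iocs": sorted(iocs), "isolate": bool(decoded)}
```

The chrome.exe connection is counted under `host_connections` but never becomes an IOC, because only connections sharing the spawned process's ProcessGuid are shipped.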
Incident Review
1 event · Notable Events Timeline · 1 of 1 matching
| Time | Domain | Title | Urgency | Status | Owner | Risk |
|---|---|---|---|---|---|---|
| 2026-05-07 12:11:08 | Endpoint | | critical | | | 92 |