Splunk App for Enterprise Security · v7.3.0
DAY 24 LAB · LAB 24 — PHISHING INVESTIGATION · Week 4
Trace a phishing campaign end-to-end and scope all victims.
  • Run pre-loaded SPL on email logs.
  • Find the click event.
  • Pivot to endpoint exec.
  • List ALL recipients of the campaign — your potential victims.
Hint: akumar is patient zero — but jsmith and lwong got the same email. Block sender + URL globally.
Supported SPL commands: search field=value (wildcards) · stats count by f1,f2 · where field op N · sort -field · top N field · head N · table f1 f2
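The four lab steps above (campaign emails, click event, endpoint pivot, full recipient list) as an added worked example in Python, not the lab's pre-loaded SPL: it makes the correlation logic behind the searches explicit and checkable. All log records, field names (sender, recipient, url, user, process), the sender domain invoice-alerts.example and the 300-second click-to-execution window are constructed for this example; the lab's own data will use whatever its email, proxy and endpoint sourcetypes extract.

```python
"""Scope a phishing campaign by correlating email, proxy and endpoint logs.

Added example (not the lab's code). Every record and field name below is
constructed; only the user names come from the lab hint.
"""
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Constructed sample logs. One lure went to three users; one user clicked
# and ran the download; an unrelated HR mail shows the sender filter working.
EMAIL_LOG = [
    {"time": "2024-05-03T09:02:11", "sender": "billing@invoice-alerts.example",
     "recipient": "akumar", "subject": "Overdue invoice",
     "url": "http://invoice-alerts.example/view?id=7731"},
    {"time": "2024-05-03T09:02:13", "sender": "billing@invoice-alerts.example",
     "recipient": "jsmith", "subject": "Overdue invoice",
     "url": "http://invoice-alerts.example/view?id=7731"},
    {"time": "2024-05-03T09:02:15", "sender": "billing@invoice-alerts.example",
     "recipient": "lwong", "subject": "Overdue invoice",
     "url": "http://invoice-alerts.example/view?id=7731"},
    {"time": "2024-05-03T09:10:00", "sender": "hr@corp.example",
     "recipient": "akumar", "subject": "Benefits update", "url": None},
]
PROXY_LOG = [
    {"time": "2024-05-03T09:15:40", "user": "akumar",
     "url": "http://invoice-alerts.example/view?id=7731", "action": "allowed"},
    {"time": "2024-05-03T09:16:02", "user": "akumar",
     "url": "http://invoice-alerts.example/payload.zip", "action": "allowed"},
    {"time": "2024-05-03T09:20:00", "user": "jsmith",
     "url": "http://news.example/", "action": "allowed"},
]
ENDPOINT_LOG = [
    {"time": "2024-05-03T09:16:30", "user": "akumar",
     "process": "payload.exe", "parent": "explorer.exe"},
    {"time": "2024-05-03T09:30:00", "user": "jsmith",
     "process": "outlook.exe", "parent": "explorer.exe"},
]


def _ts(s):
    return datetime.fromisoformat(s)


def campaign_emails(emails, sender_pattern):
    """Step 1: the SPL 'search sender=<pattern>' with shell-style wildcards."""
    return [e for e in emails if fnmatch(e["sender"], sender_pattern)]


def campaign_recipients(emails, sender_pattern):
    """Step 4: every recipient is a potential victim, whether or not they clicked."""
    return sorted({e["recipient"] for e in campaign_emails(emails, sender_pattern)})


def click_events(proxy, url_prefix):
    """Step 2: proxy hits on the lure URL; prefix match also catches follow-on downloads."""
    hits = [p for p in proxy if p["url"].startswith(url_prefix)]
    return sorted(hits, key=lambda p: p["time"])


def patient_zero(clicks):
    """Earliest clicker in time order (clicks are already sorted)."""
    return clicks[0]["user"] if clicks else None


def endpoint_exec_after_click(clicks, endpoint, window_s=300):
    """Step 3: process starts by the clicking user within window_s after the click.

    Each endpoint event is reported once even if several clicks precede it.
    """
    hits = []
    for c in clicks:
        t0 = _ts(c["time"])
        for ev in endpoint:
            if ev["user"] != c["user"] or ev in hits:
                continue
            delta = _ts(ev["time"]) - t0
            if timedelta(0) <= delta <= timedelta(seconds=window_s):
                hits.append(ev)
    return hits


def scope_campaign(sender_pattern, url_prefix,
                   emails=EMAIL_LOG, proxy=PROXY_LOG, endpoint=ENDPOINT_LOG):
    """Run all four steps and return the scoping result plus the block list."""
    clicks = click_events(proxy, url_prefix)
    return {
        "recipients": campaign_recipients(emails, sender_pattern),
        "clickers": sorted({c["user"] for c in clicks}),
        "patient_zero": patient_zero(clicks),
        "executions": endpoint_exec_after_click(clicks, endpoint),
        "block": {"sender": sender_pattern, "url": url_prefix},
    }


if __name__ == "__main__":
    result = scope_campaign("*@invoice-alerts.example", "http://invoice-alerts.example/")
    for key, value in result.items():
        print(f"{key}: {value}")
```

The recipient list (step 4) is deliberately computed from the email log alone, not from the click or endpoint pivots: in the sample only akumar clicked, but jsmith and lwong received the same lure and belong on the victim list regardless. The sender pattern and URL prefix passed to scope_campaign are the two values the lab asks you to block globally.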