Splunk App for Enterprise Security · v7.3.0
DAY 26 LAB · LAB 26 — RUN AN IR TABLETOP · week 4
Run a PICERL tabletop on the ransomware incident.
- Open Investigations → INV-104.
- Walk PICERL stage by stage.
- Identify stakeholders to notify and when.
- Document 3 detection gaps + 3 process gaps.
Hint: PICERL: Prepare → Identify → Contain → Eradicate → Recover → Lessons.
Investigations
My Investigations
| ID | Title | Status | Owner | Created | Notables | Actions |
|---|---|---|---|---|---|---|
| INV-104 | Ransomware on FIN-WS-091 | | | 2026-05-07 12:25 | 2 (N-2044, N-2045) | |
| INV-103 | Phishing campaign — invoice.pdf | | | 2026-05-07 11:10 | 1 (N-2046) | |