Enterprise Security
Splunk App for Enterprise Security · v7.3.0
DAY 30 LAB · LAB 30 — CAPSTONE · week 4
CAPSTONE — full breach: phish → cred theft → VPN → PsExec → DNS exfil → ransomware.
- 10 notables in your queue (12:04 → 12:55) — they tell ONE story.
- Triage every notable. Order on a timeline.
- Map every step to ATT&CK.
- Deliver: IR report, IOC list, containment plan, 3 new detections.
Hint: Order by time. Map every event. Story: phish → exec → C2 → priv esc → lateral → exfil → ransom.
Incident Review
10 events · Notable Events Timeline
| Time | Domain | Title | Urgency | Status | Owner | Risk |
|---|---|---|---|---|---|---|
| 2026-05-07 12:55:30 | Network | | low | | | 18 |
| 2026-05-07 12:50:11 | Network | | high | | | 72 |
| 2026-05-07 12:44:55 | Identity | | high | | | 70 |
| 2026-05-07 12:41:00 | Identity | | medium | | | 42 |
| 2026-05-07 12:33:09 | Network | | medium | | | 35 |
| 2026-05-07 12:30:44 | Endpoint | | critical | | | 98 |
| 2026-05-07 12:22:14 | Endpoint | | critical | | | 88 |
| 2026-05-07 12:18:51 | Threat | | high | | | 78 |
| 2026-05-07 12:11:08 | Endpoint | | critical | | | 92 |
| 2026-05-07 12:04:22 | Access | | high | | | 65 |