Splunk App for Enterprise Security · v7.3.0
Day 7 Lab · Lab 7 — Map a Real Breach · Week 1
Map a real breach to MITRE ATT&CK using ES Investigations.
- Open Investigations → INV-104 (Ransomware).
- Walk every notable backwards in time (newest first, back to the initial access).
- Map each notable to an ATT&CK technique.
Hint: Phishing (T1566) → PowerShell (T1059; the PowerShell sub-technique is T1059.001) → C2 over an application-layer protocol (T1071) → PsExec (T1021; lateral movement over SMB/Windows Admin Shares is T1021.002, and the service PsExec installs to run its payload is T1569.002) → Data Encrypted for Impact (T1486). Record the sub-technique where the notable gives you enough detail; the parent ID is acceptable where it does not.
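The lab procedure above (pull an investigation's notables, walk them newest to oldest, map each to ATT&CK, and check that the result matches the expected progression) can be rehearsed offline on an export of notable events. The block below is an added example written for this page; it is not the lab's own code and it does not use the lab's N-2044/N-2045 data. It assumes the notables were exported as JSON lines with the `_time`, `event_id`, `rule_name`, `dest` and `annotations.mitre_attack` fields ES writes to `index=notable`; the `investigation` field, the `KEYWORD_TO_TECHNIQUE` fallback table and the N-9001..N-9005 events are constructed for the example. Where a correlation search carries an ATT&CK annotation the example trusts it; where it does not (N-9002 below), it falls back to a rule-name keyword and marks the row so you know that mapping is yours, not ES's.

```python
"""Walk an ES investigation's notables backwards and derive its ATT&CK chain.

Added example for Lab 7; not Splunk's or the lab's code. Field names follow what
ES stores in index=notable, but the events below are constructed, not exported.
"""
import json
from datetime import datetime, timezone

# Constructed sample export (JSON lines). Hosts, rule names and notable IDs
# are made up for the example and deliberately differ from the lab's notables.
SAMPLE_NOTABLES = """
{"_time": "2026-05-07T09:58:11Z", "event_id": "N-9005", "investigation": "INV-104", "rule_name": "Ransomware Note Dropped", "dest": "FIN-WS-091", "annotations.mitre_attack": ["T1486"]}
{"_time": "2026-05-07T09:41:03Z", "event_id": "N-9004", "investigation": "INV-104", "rule_name": "PsExec Service Installed on Host", "dest": "FIN-WS-091", "annotations.mitre_attack": ["T1021.002", "T1569.002"]}
{"_time": "2026-05-07T09:12:47Z", "event_id": "N-9003", "investigation": "INV-104", "rule_name": "Beaconing to Rare Domain", "dest": "FIN-WS-091", "annotations.mitre_attack": ["T1071.001"]}
{"_time": "2026-05-07T08:55:20Z", "event_id": "N-9002", "investigation": "INV-104", "rule_name": "Encoded PowerShell Command", "dest": "FIN-WS-091"}
{"_time": "2026-05-07T08:40:02Z", "event_id": "N-9001", "investigation": "INV-104", "rule_name": "Suspicious Attachment invoice.pdf Opened", "dest": "FIN-WS-091", "annotations.mitre_attack": ["T1566.001"]}
"""

# Hypothetical fallback for notables whose correlation search has no ATT&CK
# annotation. Order matters: the first matching keyword wins.
KEYWORD_TO_TECHNIQUE = {
    "phish": "T1566", "attachment": "T1566.001",
    "powershell": "T1059.001",
    "beacon": "T1071", "c2": "T1071",
    "psexec": "T1021.002",
    "ransom": "T1486", "encrypt": "T1486",
}

# The progression the lab hint expects, as parent technique IDs.
HINT_ORDER = ["T1566", "T1059", "T1071", "T1021", "T1486"]


def parse_notables(text):
    """Parse JSON-lines notables and attach a timezone-aware datetime."""
    notables = []
    for line in text.strip().splitlines():
        n = json.loads(line)
        n["_dt"] = datetime.strptime(n["_time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        notables.append(n)
    return notables


def walk_backwards(notables, inv_id):
    """Notables for one investigation, newest first, as the lab has you read them."""
    mine = (n for n in notables if n["investigation"] == inv_id)
    return sorted(mine, key=lambda n: n["_dt"], reverse=True)


def map_technique(notable):
    """Prefer the technique ES recorded on the correlation search; else keyword fallback."""
    annotated = notable.get("annotations.mitre_attack")
    if annotated:
        return annotated[0], "annotation"
    name = notable["rule_name"].lower()
    for keyword, technique in KEYWORD_TO_TECHNIQUE.items():
        if keyword in name:
            return technique, "keyword"
    return None, "unmapped"


def attack_chain(notables, inv_id):
    """Return (per-notable rows in attack order, deduplicated parent-technique chain)."""
    rows = []
    for n in walk_backwards(notables, inv_id):
        technique, source = map_technique(n)
        rows.append({"event_id": n["event_id"], "time": n["_time"],
                     "rule": n["rule_name"], "technique": technique, "source": source})
    rows.reverse()  # walked newest-first; report earliest-first
    chain = []
    for row in rows:
        if row["technique"] is None:
            continue
        parent = row["technique"].split(".")[0]  # T1059.001 -> T1059
        if parent not in chain:
            chain.append(parent)
    return rows, chain


def matches_hint(chain, hint=HINT_ORDER):
    """True if the hint's order is a subsequence of the observed chain."""
    remaining = iter(chain)
    return all(step in remaining for step in hint)


if __name__ == "__main__":
    rows, chain = attack_chain(parse_notables(SAMPLE_NOTABLES), "INV-104")
    for row in rows:
        print(f"{row['time']}  {row['event_id']}  {row['technique'] or '??'}  ({row['source']})  {row['rule']}")
    print("chain:", " -> ".join(chain), "| matches hint:", matches_hint(chain))
```

Rows tagged `keyword` or `unmapped` are the ones to double-check by hand in the notable's raw events before you commit a technique to the investigation notes; the annotation-sourced rows reflect whatever the correlation search author chose, which is still worth a second look on a real incident.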
Investigations
My Investigations
| ID | Title | Status | Owner | Created | Notables | Actions |
|---|---|---|---|---|---|---|
| INV-104 | Ransomware on FIN-WS-091 | | | 2026-05-07 12:25 | 2 (N-2044, N-2045) | |
| INV-103 | Phishing campaign — invoice.pdf | | | 2026-05-07 11:10 | 1 (N-2046) | |