Forensics

Heavy analysis phase, true root cause analysis, and investigation by an outside organization.

Creating a timebound picture of network activityObtain a complete picture of what data is written to your indexes, through what sources, and by what devices.
Investigating a ransomware attackUse Splunk software to investigate a ransomware attack by attempting to reconstruct the events that led to the system being infected.
Investigating unusual file system queriesHow to investigate unusual file system queries with this process you can run in Splunk software.