Security Information and Event Management – Incident handling with Splunk on TryHackMe

In this room, I applied what I had learned about Splunk to real-world incident handling scenarios. I analyzed log data to uncover evidence of attacks, such as brute-force attempts and malware activity, and worked through how to respond to those findings.
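To make the brute-force part concrete, here is an added example of the detection logic in plain Python (this is not code from the TryHackMe room, from Splunk, or from the original post). It parses a handful of constructed SSH auth.log lines, flags any source IP with a burst of failed logins inside a sliding window, notes whether a login from that IP later succeeded, and builds the per-source timeline an analyst would assemble from the alert. The threshold, window, year and log lines are all assumptions made for the example; the SPL in the docstring is one way to express the same count-by-source search in Splunk, not a query from the room.

```python
"""Brute-force detection over constructed SSH auth.log lines (added example).

The same idea in Splunk would be a search along these lines (assumed, not
from the room):

    index=linux sourcetype=linux_secure "Failed password"
    | stats count AS failures, min(_time) AS first, max(_time) AS last,
            values(user) AS users BY src_ip
    | where failures >= 5
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in Linux auth.log style; not real data.
SAMPLE_LOG = """\
Mar 12 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51422 ssh2
Mar 12 10:00:03 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51423 ssh2
Mar 12 10:00:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51424 ssh2
Mar 12 10:00:07 web01 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51425 ssh2
Mar 12 10:00:09 web01 sshd[2105]: Failed password for backup from 203.0.113.7 port 51426 ssh2
Mar 12 10:00:11 web01 sshd[2106]: Failed password for backup from 203.0.113.7 port 51427 ssh2
Mar 12 10:00:14 web01 sshd[2107]: Accepted password for backup from 203.0.113.7 port 51428 ssh2
Mar 12 10:03:40 web01 sshd[2150]: Failed password for alice from 198.51.100.22 port 40211 ssh2
Mar 12 10:03:52 web01 sshd[2151]: Accepted password for alice from 198.51.100.22 port 40212 ssh2
Mar 12 10:05:00 web01 sshd[2180]: Accepted publickey for deploy from 192.0.2.10 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+"
)

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; fixed here as an assumption


def parse_auth_log(text):
    """Turn raw auth.log lines into event dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "outcome": m["outcome"],
                       "user": m["user"], "src_ip": m["src_ip"]})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed logins inside any `window`,
    and record whether a login from that IP succeeded after the failures began
    (the case that turns a noisy alert into a likely compromise)."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_ip[ev["src_ip"]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["outcome"] == "Failed"]
        # Two-pointer sweep: largest number of failures that fit in one window.
        best, start = 0, 0
        for end in range(len(failures)):
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        first_fail = failures[0]["time"]
        success = next((e for e in evs
                        if e["outcome"] == "Accepted" and e["time"] > first_fail), None)
        alerts[ip] = {
            "failures": len(failures),
            "peak_in_window": best,
            "users_tried": sorted({e["user"] for e in failures}),
            "first_seen": first_fail,
            "last_seen": evs[-1]["time"],
            "success_after_failures": success["user"] if success else None,
        }
    return alerts


def build_timeline(events, src_ip):
    """Chronological, readable sequence of what one source did: the raw
    material for the incident narrative once an alert has been triaged."""
    rows = sorted((e for e in events if e["src_ip"] == src_ip), key=lambda e: e["time"])
    return [f"{e['time']:%Y-%m-%d %H:%M:%S} {e['host']} {e['outcome']} {e['user']}"
            for e in rows]


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    for ip, alert in detect_brute_force(evs).items():
        print(f"ALERT {ip}: {alert}")
        for row in build_timeline(evs, ip):
            print("   ", row)
```

With the sample data only 203.0.113.7 is flagged: six failures in ten seconds against four different usernames, followed by a successful login as "backup", which is the finding that should escalate the alert rather than close it as noise. The single failure from 198.51.100.22 before a successful login stays below the threshold, which is the kind of benign typo a fixed `stats count` with too low a cut-off would drag into the queue.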

It was a great step up from the basics, showing how Splunk is used during the heat of an investigation. The exercises helped me think like an analyst in a SOC, connecting alerts to actual threats and piecing together timelines.