This might indicate a Ransomeware attack, which often originates from compromised insiders.
![splunk enterprise security use case library splunk enterprise security use case library](https://cdn.apps.splunk.com/media/public/screenshots/a2ad2140-96db-11e9-993e-066874a6c56a.gif)
This is a sign of a compromised user account.
![splunk enterprise security use case library splunk enterprise security use case library](https://image.slidesharecdn.com/partnerexecsummit-analytics-drivensecurityundsecuritysoar-abrancato-181129132616/95/partner-exec-summit-2018-frankfurt-analyticsdriven-security-und-soar-13-638.jpg)
A SIEM can identify which IT systems are in compliance with policies and standards, and alert about violations in real time.
#Splunk enterprise security use case library windows
![splunk enterprise security use case library splunk enterprise security use case library](https://uberagent.com/wp-content/uploads/2021/12/Log4Shell-CVE-2021-44228-uberAgent-Splunk-Search-for-Detecting-Vulnerable-Applications-985x669.8-c-default.png)