Detecting Lateral Movement with Splunk

When to Use

- When hunting for adversary movement between compromised systems
- After detecting credential theft to trace subsequent lateral activity
- When investigating unusual authentication patterns across the network
- During incident response to scope the breadth of compromise
- When proactively hunting for TA0008 (Lateral Movement) techniques

Prerequisites

- Splunk Enterprise or Splunk Cloud with Windows event data ingested
- Windows Security Event Logs forwarded (4624, 4625, 4648, 4672, 4768, 4769)
- Sysmon deployed for process creation and netwo…
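As an added illustration of the kind of hunt the prerequisites above enable, and not code from the original runbook, the following Python mirrors a common Splunk fan-out search over Event ID 4624 (roughly `stats dc(dest) by user` within a time window): one account performing network or RDP logons (logon types 3 and 10) to many distinct hosts in a short window is a lateral-movement signal. The field names, the 10-minute window, the three-host threshold and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumed to mirror how Splunk
# typically indexes Windows Security EventCode 4624 (not taken from the page).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00", "EventCode": 4624, "Logon_Type": 3, "user": "svc_backup", "src_ip": "10.0.0.5", "dest": "HOST01"},
    {"time": "2024-05-01T10:01:30", "EventCode": 4624, "Logon_Type": 3, "user": "svc_backup", "src_ip": "10.0.0.5", "dest": "HOST02"},
    {"time": "2024-05-01T10:03:00", "EventCode": 4624, "Logon_Type": 10, "user": "svc_backup", "src_ip": "10.0.0.5", "dest": "HOST03"},
    {"time": "2024-05-01T10:04:10", "EventCode": 4624, "Logon_Type": 3, "user": "svc_backup", "src_ip": "10.0.0.5", "dest": "HOST04"},
    # alice reaches two hosts, but hours apart: outside the window, not flagged
    {"time": "2024-05-01T09:00:00", "EventCode": 4624, "Logon_Type": 3, "user": "alice", "src_ip": "10.0.0.9", "dest": "HOST01"},
    {"time": "2024-05-01T12:00:00", "EventCode": 4624, "Logon_Type": 3, "user": "alice", "src_ip": "10.0.0.9", "dest": "HOST02"},
    # bob's logons are interactive (type 2), so they are not remote authentications
    {"time": "2024-05-01T10:00:00", "EventCode": 4624, "Logon_Type": 2, "user": "bob", "src_ip": "-", "dest": "HOST05"},
    {"time": "2024-05-01T10:01:00", "EventCode": 4624, "Logon_Type": 2, "user": "bob", "src_ip": "-", "dest": "HOST06"},
    {"time": "2024-05-01T10:02:00", "EventCode": 4624, "Logon_Type": 2, "user": "bob", "src_ip": "-", "dest": "HOST07"},
    # a failed logon (4625) is ignored by this particular hunt
    {"time": "2024-05-01T10:02:00", "EventCode": 4625, "Logon_Type": 3, "user": "svc_backup", "src_ip": "10.0.0.5", "dest": "HOST09"},
]


def find_fanout(events, window=timedelta(minutes=10), min_hosts=3, logon_types=(3, 10)):
    """Return {user: sorted distinct hosts} for accounts whose successful
    network/RDP logons reached at least `min_hosts` distinct hosts within `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e["EventCode"] == 4624 and e["Logon_Type"] in logon_types:
            by_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["dest"]))

    hits = {}
    for user, logons in by_user.items():
        logons.sort()  # chronological order so each start point sees only later logons
        for i, (start, _) in enumerate(logons):
            hosts = {dest for ts, dest in logons[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                hits[user] = sorted(hosts)
                break
    return hits


if __name__ == "__main__":
    for user, hosts in find_fanout(SAMPLE_EVENTS).items():
        print(f"{user}: {len(hosts)} hosts in window -> {', '.join(hosts)}")
```

Tune the window and threshold to the environment, and allowlist known scanners or backup accounts, since these legitimately produce the same fan-out pattern.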