Group Health Cooperative uses Splunk software and the CIRTA system to conduct incident response. It ingests logs from various systems using Splunk and analyzes the data to detect anomalies and security incidents. When incidents are found, CIRTA is used to track, investigate, and categorize each one so that the effectiveness of the response can be measured. The examples provided show how Splunk detected phishing attempts and vulnerable systems, helping Group Health address security issues.