It's impossible to detect WannaCry by app ES Content Updates?
Someone have experience in this?
If you haven't looked at the Splunk Security Essentials for Ransomware app, it has some useful reference searches.
There is also a Security Investigation online demo that might give you some pointers.
View solution in original post
These links might help by blocking the domains that could host ransomware using Splunk ES.
Hope it helps!