Welcome to the RBA Community 👋🏿 👋🏻 👋🏽 👋🏾 👋🏼

The RBA Community

About the Community

The RBA Community is a group of professionals dedicated to advancing the field of risk-based alerting (RBA) and Splunk Enterprise Security (ES). Our mission is to provide a forum for sharing knowledge, best practices, and the latest developments in RBA and ES, and to help professionals enhance their understanding and skills in these areas.

Our vision is to be the go-to resource for anyone looking to learn more about RBA and ES. To achieve this, we offer a range of resources and services, including a podcast called The Risk Factor, a newsletter called The Risky Times, and breakout sessions hosted by our partners on topics related to RBA and ES. These resources are designed to help professionals at all levels – from beginners to experts – deepen their understanding of RBA and ES and stay up-to-date with the latest trends and developments.

Whether you're new to RBA and ES or a seasoned pro, The RBA Community has something for everyone. We invite you to join us on this journey to enhance your understanding and expertise in RBA and ES – don't miss out on this opportunity to learn from the best and connect with other professionals in the field.

"The Office" Hours

Join us at "The Office" Hours, the engaging RBA Community Monthly Meetup! Connect with professionals, learn from guest speakers, and dive into risk-based alerting and Splunk Enterprise Security. Our hosts, Elizabeth, Ryan, and ZachTheSplunker, lead this interactive webinar series, where attendees can ask questions and gain insights from RBA experts. Perfect for newcomers and experienced enthusiasts alike, "The Office" Hours is your gateway to staying informed and connected in the RBA world. Don't miss out – join the conversation!

The RBA Community 2024 Sessions

Breakout Sessions and Virtual Workshops

Tuning In: Optimizing Detections & Risk Rules

AGN Breakout Session

Hosted by Alchemy Global Networks | Nov 20th 8 am PT/11 am ET

Agenda

  • Best practices for Tuning Detections
  • Eliminating allow listing of Risk and Threat Objects
  • Tuning lifecycle management

Virtual Workshops

The Risk-Based Alerting hands-on workshop is designed to familiarize participants with the RBA methodology used in Splunk Enterprise Security. Our journey will begin with walking through the process of creating Risk Rules and Risk Data Models. From the creation of these Risk Data Models we will cover how these can lead to Risk Notables and Alerting. Users will better understand how to build and engineer their own risk rules and risk notables in Splunk Enterprise Security and tune these to provide more immediate insights to their analysts.

Who Should Attend

The workshop is designed for people on a Security Operations team responsible for content creation, usually the Detection Engineering team.

Reminder

This is a 4-hour, hands-on event. You will need your laptop and internet access and will need to join a Webex meeting to participate in this workshop.

Next Session: Nov 7th

Community Resources

Wakelet
    Centralized RBA Resources

Wakelet is a central hub for all your RBA resources, including blog posts, how-to guides, videos, and official documentation.

Community Slack
    RBA Community Slack channel

Our Community Slack space, hosted by Outpost Security, is the perfect place to stay up to date on announcements and news, ask questions, and engage in discussions with over 600 other members.

LinkedIn Group
    The RBA Community LinkedIn Group

Our LinkedIn Group is a great way to stay up-to-date on news and announcements, as well as network and connect with new people in the RBA community.

RBA GitHub
    Specialized content

The RBA GitHub is a one-stop shop for searches, dashboards, Q&A, and other discussions with specialized content from the RBA community. Streamline your risk analysis with simple XML or JSON dashboards and find useful SPL searches from other community members.
