Skip to content

Welcome to the RBA Community 👋🏿 👋🏻 👋🏽 👋🏾 👋🏼

The RBA Community The RBA Community

About the Community

The RBA Community is a group of professionals dedicated to advancing the field of risk-based alerting (RBA) and Splunk Enterprise Security (ES). Our mission is to provide a forum for sharing knowledge, best practices, and the latest developments in RBA and ES, and to help professionals enhance their understanding and skills in these areas.

Our vision is to be the go-to resource for anyone looking to learn more about RBA and ES. To achieve this, we offer a range of resources and services, including a podcast called The Risk Factor, a newsletter called The Risky Times, and breakout sessions hosted by our partners on topics related to RBA and ES. These resources are designed to help professionals at all levels – from beginners to experts – deepen their understanding of RBA and ES and stay up-to-date with the latest trends and developments.

Whether you’re new to RBA and ES or a seasoned pro, The RBA Community has something for everyone. We invite you to join us on this journey to enhance your understanding and expertise in RBA and ES – don’t miss out on this opportunity to learn from the best and connect with other professionals in the field.

"The Office" Hours

Join us at “The Office” Hours, the engaging RBA Community Monthly Meetup! Connect with professionals, learn from guest speakers, and dive into risk-based alerting and Splunk Enterprise Security. Our hosts, Elizabeth, Ryan, and ZachTheSplunker, lead this interactive webinar series, where attendees can ask questions and gain insights from RBA experts. Perfect for newcomers and experienced enthusiasts alike, “The Office” Hours is your gateway to staying informed and connected in the RBA world. Don’t miss out – join the conversation!

RSVP to "The Office" Hours Past Recordings

The RBA Community 2024 Sessions

Breakout Sessions and Virtual Workshops

View past breakouts

Virtual Workshops

The Risk-Based Alerting hands-on workshop is designed to familiarize participants with the RBA methodology used in Splunk Enterprise Security. Our journey will begin with walking through the process of creating Risk Rules and Risk Data Models. From the creation of these Risk Data Models we will cover how these can lead to Risk Notables and Alerting. Users will better understand how to build and engineer their own risk rules and risk notables in Splunk Enterprise Security and tune these to provide more immediate insights to their analysts.

Who Should Attend

The workshop is designed for people on a Security Operations team responsible for content creation, usually the Detection Engineering team.


This is a 4-hour, hands-on event. You will need your laptop and internet access and will need to join a Webex meeting to participate in this workshop.

May 2nd

Register Today

June 27th

Register Today

Test Webex

Test Webex

Community Resources

    Centralized RBA Resources


Wakelet is a central hub for all your RBA resources, including blog posts, how-to guides, videos, and official documentation.

Visit Wakelet

Community Slack
    RBA Community Slack channel

Outpost Security

Our Community Slack space, hosted by Outpost Security, is the perfect place to stay up-to-date on announcements, news, and ask questions and engage in discussions with over 600 other members.

Join The RBA Slack Channel

LinkedIn Group
    The RBA Community LinkedIn Group


Our LinkedIn Group is a great way to stay up-to-date on news and announcements, as well as network and connect with new people in the RBA community.

Join LinkedIn Group

RBA GitHub
    Specialized content


The RBA GitHub is a one-stop-shop for searches, dashboards, Q&A, and other discussions with specialized content from the RBA community. Streamline your risk analysis with simple XML or JSON dashboards and find useful SPL searches from other community members.

Visit The RBA GitHub Visit Discussion Board