Video Library¶
"The Office" Hours¶
"The Office" Hours is a monthly webinar series that provides a platform for members of the RBA Community to ask questions and get expert insights on risk-based alerting and Splunk Enterprise Security. Hosted by ZachTheSplunker, these sessions are an "ask me anything" format where attendees can submit questions in advance or ask them live during the webinar. Each episode features subject matter experts from the community who are knowledgeable about RBA and willing to share their expertise with attendees. If you’re looking for answers to your questions about RBA, ES, or the RBA Community, “The Office” Hours is the perfect place to get them. If you’re an RBA subject matter expert and would like to be a panelist, please don’t hesitate to contact us!
Septemeber 2024: Season 3 Episode 9
August 2024: Season 3 Episode 8
July 2024: Season 3 Episode 7
June 2024: Season 3 Episode 6
May 2024: Season 3 Episode 5
April 2024: Welcoming Back Haylee Mills, Staff Security Strategist at Splunk
March 2024: Special Guest Speaker: Mauricio Valazco, Principal Threat Researcher at Splunk
February 2024: Special Guest Speaker: Matthew Joseff, Fraud Specialist at Splunk
January 2024: Special Guest Speaker: Christian Cloutier, Creator of the app, SA-DetectionInsights
2023 Season
September 2023 S02E09: Special Guest Speaker: Dennis Morton, Principal Consultant at Arcus Data
August 2023 S02E08: Special Guest Speaker: Donald Murchison, SIEM Engineer at HPE—Tuning Framework for Splunk
July 2023 S02E07
Due to technical reasons, only part of the June Office Hours was recorded.
June 2023 S02E06
May 2023 S02E05: Executive Round Table
April 2023 S02E04: One Year Anniversary
March 2023 S02E03: Maximizing Your RBA Strategy
February 2023 S02E02: The Future of Risk Based Alerting
January 2023 S02E01: New Year, New Risk
Breakout Sessions¶
Tuning In: Optimizing Detections & Risk Rules¶
Hosted by Alchemy Global Networks Presented November 20th, 2024
Topics
- Best practices for tuning detections, assets, identities, and threat objects.
- Eliminating blanket allow listing of risk and threat objects with contextual data.
- Tuning lifecycle management.
Mastering RBA in Splunk & Splunk SOAR¶
Hosted by SP6 Presented May 30th, 2024
Topics
- Learn how risk-based alerting works and why it's important for modern cybersecurity tactics.
- Hear about advanced ways to prioritize and respond to alerts based on the level of risk, the context of the threat, and its impact to the business.
- Find out how to utilize Splunk SOAR in your incident response systems to speed up the process of finding threats and reducing their impact.
Engineering Risk Rules and Detections¶
Building and Tuning Reliable Signals That Can Be Heard Above the Noise by Alchemy Global Networks
Topics
- Understand best practices for developing, tuning, and implementing detections, Risk Rules, and Risk Incident Rules to enhance cybersecurity and operational effectiveness.
- Learn strategies for reducing Mean Time To Detect (MTTD) and mitigating false positives to improve the efficiency of Security Operations Centers (SOCs).
- Gain insights into establishing robust lifecycle management processes for threat detection, enabling a strong defense against a wide range of cyber threats.
Crafting Detailed Assets and Identities Lookups¶
Hosted by SP6
Topics
- Assets & Identity Basics
- Building Asset & Identity Lookups
- Creating Custom RBA Risk Factors using A&I fields
- Adjusting Risk Scoring using A&I fields
- Q&A
Data Model Mechanic¶
Hosted by Outpost Security
Topics
- Understanding the mechanics of data models and how they are used for RBA and beyond.
- Ensuring that data models are properly configured for optimal performance.
- Optimizing fields and data to improve the accuracy and effectiveness of data models.
- Identifying and onboarding new data sources into existing data models.