Skip to content

Video Library

"The Office" Hours

"The Office" Hours is a monthly webinar series that provides a platform for members of the RBA Community to ask questions and get expert insights on risk-based alerting and Splunk Enterprise Security. Hosted by ZachTheSplunker, these sessions are an "ask me anything" format where attendees can submit questions in advance or ask them live during the webinar. Each episode features subject matter experts from the community who are knowledgeable about RBA and willing to share their expertise with attendees. If you’re looking for answers to your questions about RBA, ES, or the RBA Community, “The Office” Hours is the perfect place to get them. If you’re an RBA subject matter expert and would like to be a panelist, please don’t hesitate to contact us!

April 2024: Welcoming Back Haylee Mills, Staff Security Strategist at Splunk

March 2024: Special Guest Speaker: Mauricio Valazco, Principal Threat Researcher at Splunk

February 2024: Special Guest Speaker: Matthew Joseff, Fraud Specialist at Splunk

January 2024: Special Guest Speaker: Christian Cloutier, Creator of the app, SA-DetectionInsights

2023 Season

September 2023 S02E09: Special Guest Speaker: Dennis Morton, Principal Consultant at Arcus Data

August 2023 S02E08: Special Guest Speaker: Donald Murchison, SIEM Engineer at HPE—Tuning Framework for Splunk

July 2023 S02E07

Due to technical reasons, only part of the June Office Hours was recorded.

June 2023 S02E06

May 2023 S02E05: Executive Round Table

April 2023 S02E04: One Year Anniversary

March 2023 S02E03: Maximizing Your RBA Strategy

February 2023 S02E02: The Future of Risk Based Alerting

January 2023 S02E01: New Year, New Risk

Breakout Sessions

Mastering RBA in Splunk & Splunk SOAR

Hosted by SP6 Presented May 30th, 2024


  • Learn how risk-based alerting works and why it's important for modern cybersecurity tactics.
  • Hear about advanced ways to prioritize and respond to alerts based on the level of risk, the context of the threat, and its impact to the business.
  • Find out how to utilize Splunk SOAR in your incident response systems to speed up the process of finding threats and reducing their impact.

Request Recording

Engineering Risk Rules and Detections

Building and Tuning Reliable Signals That Can Be Heard Above the Noise by Alchemy Global Networks


  • Understand best practices for developing, tuning, and implementing detections, Risk Rules, and Risk Incident Rules to enhance cybersecurity and operational effectiveness.
  • Learn strategies for reducing Mean Time To Detect (MTTD) and mitigating false positives to improve the efficiency of Security Operations Centers (SOCs).
  • Gain insights into establishing robust lifecycle management processes for threat detection, enabling a strong defense against a wide range of cyber threats.

Request Recording

Crafting Detailed Assets and Identities Lookups

Hosted by SP6


  • Assets & Identity Basics
  • Building Asset & Identity Lookups
  • Creating Custom RBA Risk Factors using A&I fields
  • Adjusting Risk Scoring using A&I fields
  • Q&A

Request Recording

Data Model Mechanic

Hosted by Outpost Security


  • Understanding the mechanics of data models and how they are used for RBA and beyond.
  • Ensuring that data models are properly configured for optimal performance.
  • Optimizing fields and data to improve the accuracy and effectiveness of data models.
  • Identifying and onboarding new data sources into existing data models.

Request Recording