Video Library
"The Office" Hours
"The Office" Hours is a monthly webinar series that provides a platform for members of the RBA Community to ask questions and get expert insights on risk-based alerting and Splunk Enterprise Security. Hosted by Elizabeth, Ryan, and ZachTheSplunker, these sessions follow an "ask me anything" format in which attendees can submit questions in advance or ask them live during the webinar. Each episode features subject matter experts from the community who are knowledgeable about RBA and willing to share their expertise with attendees. If you're looking for answers to your questions about RBA, ES, or the RBA Community, "The Office" Hours is the perfect place to get them. If you're an RBA subject matter expert and would like to be a panelist, please don't hesitate to contact us!
September 2023 S02E09: Special Guest Speaker: Dennis Morton, Principal Consultant at Arcus Data
August 2023 S02E08: Special Guest Speaker: Donald Murchison, SIEM Engineer at HPE—Tuning Framework for Splunk
July 2023 S02E07
Due to technical reasons, only part of the June Office Hours was recorded.
June 2023 S02E06
May 2023 S02E05: Executive Round Table
April 2023 S02E04: One Year Anniversary
March 2023 S02E03: Maximizing Your RBA Strategy
February 2023 S02E02: The Future of Risk Based Alerting
January 2023 S02E01: New Year, New Risk
Breakout Sessions
Engineering Risk Rules and Detections: Building and Tuning Reliable Signals That Can Be Heard Above the Noise by Alchemy Global Networks
Topics
- Understand best practices for developing, tuning, and implementing detections, Risk Rules, and Risk Incident Rules to enhance cybersecurity and operational effectiveness.
- Learn strategies for reducing Mean Time To Detect (MTTD) and mitigating false positives to improve the efficiency of Security Operations Centers (SOCs).
- Gain insights into establishing robust lifecycle management processes for threat detection, enabling a strong defense against a wide range of cyberthreats.
Crafting Detailed Assets and Identities Lookups Hosted by SP6
Topics
- Assets & Identity Basics
- Building Asset & Identity Lookups
- Creating Custom RBA Risk Factors using A&I fields
- Adjusting Risk Scoring using A&I fields
- Q&A
Data Model Mechanic Hosted by Outpost Security
The goal of "Talking Shop: The Mechanics of Data Models in Splunk, Hosted by Outpost Security" is to provide attendees with a deep understanding of how data models work within the context of RBA (risk-based alerting). The learning objectives for this webinar include:
- Understanding the mechanics of data models and how they are used for RBA and beyond.
- Ensuring that data models are properly configured for optimal performance.
- Optimizing fields and data to improve the accuracy and effectiveness of data models.
- Identifying and onboarding new data sources into existing data models.