Risk Based Alerting and Splunk War Stories - Global SUG Week | Edinburgh Virtual User Group

Feb 10, 2021, 5:00 – 7:00 PM

Global Splunk User Group Week: Please join us for a demonstration of Risk Based Alerting in Phantom, and a round table on implementing large-scale Splunk Infrastructure. As part of the Global Splunk User Group, we are running a prize raffle courtesy of Splunk, so attend to have the chance to win.

About this event

Welcome back to the first Edinburgh Virtual Splunk User Group of 2021. This month, we are focusing on Risk Based Alerting, specifically with regard to Phantom. We are also hosting a round table of experts in running, deploying and implementing large-scale Splunk environments. But first...


It is Global Splunk User Group Week this week - come join our session and you might be in with a chance to win prizes, courtesy of Splunk. Every attendee will be put into a raffle and will be selected at random for a prize. Our currently confirmed Prizes include:

  • One (1) Grand Prize, to be determined by the winner, up to the cost of £50, provided by Splunk.
  • One (1) Runner-Up Prize, to be determined by the winner, up to the cost of £20, provided by Splunk.
  • One (1) Personal Subscription for any individual JetBrains product, provided by JetBrains

And there is a special Grand Prize for three randomly chosen Splunk User Groups participating in the Global Splunk User Group Week:

  • One (1) Oculus Quest 2, provided by Splunk (subject to our SUG being drawn - this will be announced in the weeks after the SUG)

Please see the Terms and Conditions at the end for further details. Prizes are subject to change prior to the session - we're looking to find more things to raffle off to be confirmed before the User Group starts on Feb 10th.


An introduction to Risk Based Alerting in Phantom, by Guest Speaker (and Phantom Whizkid) Tom Wise

A Round Table discussion on designing, implementing and operating large-scale Splunk Environments, and some guides and gotchas to avoid when deploying your own. Hosted by Harry McLaren, with speakers to be announced. 

Code of Conduct

We adopt and enforce the Berlin Code of Conduct (CoC) for all our events and all cases of abuse or harassment are dealt with swiftly and in accordance with this CoC.

Any concerns or issues should be reported to the organisers of this chapter:

Harry McLaren (@cyberharibu on Twitter / @Harry on Splunk Community Slack)

Andrew McManus (@Andrew McManus on Splunk Community Slack)

Contributing to the SUG

We are always looking out for new speakers or participants to this SUG. We can be contacted in many ways:

Splunk Community: Interact with us at the new Splunk Community Hub page

Slack: Join the Splunk Community Slack and find us at #Edinburgh

LinkedIn: User Group LinkedIn Page

Competition Terms and Conditions

  1. Attendee(s) must register for the User Group meeting via Splunk User Groups.
  2. Attendee(s) must check in to the User Group meeting via the link given after registering for the User Group meeting.
  3. Attendee(s) can opt-in or opt-out on registration using the sign-up form.
  4. Attendee(s) can only be entered in for the drawing one (1) time per User Group meeting - this is subject to change once we determine prizes.
  5. Attendee(s) can only win one prize per User Group meeting - this is subject to change once we determine prizes.
  6. All prizes are at the discretion of Splunk and/or the User Group leader.
  7. Please consult your company and/or government on any reporting requirements for prizes.
  8. Winners will be initially contacted through the Splunk User Groups system. If this is not possible, alternative methods of communication will be determined.
  9. Splunk Employees and Splunk User Group Leaders (for Edinburgh) cannot enter this competition, as per Splunk's Terms and Conditions.
  10. Previously, a $50 gift card was advertised as a grand prize. This has been changed to several items costing up to $100, as Splunk's Terms and Conditions do not allow Gift Cards or Cash Equivalents.
  11. Raffle Prizes will be chosen by winners, but will ultimately be at the discretion of Splunk and the group leaders.
  12. In the case of a further draw for the Oculus Quest 2, all entrants to the raffle will be re-entered, including if you have won prior prizes. Splunk Group Leaders are ineligible for this prize.


  • Tom Wise


    Senior Consultant


  • Harry McLaren


    Product Lead for Detection & Response



Wednesday, February 10, 2021
5:00 PM – 7:00 PM UTC


Introductions and Housekeeping
Phantom - Risk Based Alerting
Splunk Round Table


  • Harry McLaren


    Product Lead for Detection & Response

  • Andrew McManus

    Adarma Security

    Security Consultant


  • Tom Wise


    Leader, Edinburgh Splunk User Group

  • Andrew McManus

    Lloyds Banking Group

    Edinburgh User Group Leader
