Presented by the Community, for the Community, these Splunk Champions Lightning Talks feature hot tips and tricks from our SplunkTrust and MVP!
About this event
Following the jam-packed Splunk Champs Lightning Talks live at .conf24, we're excited to give everyone the opportunity to hear the best tips and tricks from our Splunk Community Champions -- SplunkTrust and MVP -- via this virtual event! Plus, we're running it twice so that Splunk Community members (that's you!) from all around the globe have the opportunity to attend.
These sessions will be simu-live depending on speaker availability, meaning that when available, speakers will be in the live chat. They will also be available for you to reach out afterward via Community Slack. Please join us for this global event, presented by members of the Splunk Champions Community!
Sessions:
New High Score: How to Play RBA and Win!
Identity CIA Triad
Super optimize your stats searches using tstats, TERM, PREFIX, and the hidden knowledge of minor and major breakers
Setting up for Success -- Linux Profiles for Splunk Admins
Everything you don't know about Metric indexes
Hosted virtually via Zoom: click the pink "Join" button at the top of the page when you're ready to jump in!
See the full agenda below the speaker images for details. Start and end times of individual talks subject to change. Wondering what the "Splunk Community HQ" chapter is? This is simply a "user group" that can share events with the full, global Splunk User Group community! To join your local Splunk User Group as well, visit usergroups.splunk.com and search your city to join!
Speakers
Martin Hettervik
Atea
Security Monitoring Expert | Technical Architect
Young So
SecurePro
Sr. Security Architect | SecurePro
Ryan Adler
Senior Security Engineer (resident tyrannosaurus)
UltraViolet Cyber
Brett Adams
Specialist Director
Deloitte
Matt Snyder
Omnissa
Program Lead – Advanced Security Analytics
When
Thursday, October 3, 2024 1:00 AM – 2:30 AM (UTC)
Agenda
1:00 AM
Welcome!
A warm welcome and introduction from the Splunk Community Team.
1:15 AM
New High Score: How to Play RBA and Win! - Matt Snyder (MVP)
In the world of Risk Based Alerting (RBA), it's all about the score. But what happens when your scoring goes haywire? You're left chasing ghosts or drowning in false alarms. Join this session that goes beyond the ordinary. Dive deep into the world of risk scoring and unveil the exciting secrets of risk score modifiers like MITRE ATT&CK mappings, alert velocity adjustments and historical disposition enhancements. But that's not all — you'll leave with the tools you need to unlock your ticket to Risk Scoring success.
1:30 AM
Identity CIA Triad - Young So (MVP)
Comprehensive user session monitoring using Splunk includes the integration of an initial identity management tool into a Single Sign-On (SSO) or Public Key Infrastructure (PKI) environment. This approach enhances security and streamlines access management by enabling more efficient tracking and management of user sessions. By leveraging Splunk's powerful analytics capabilities, organizations can gain deeper insights into user behavior and access patterns, ensuring better control and oversight over their IT environments' identity areas.
1:45 AM
Super optimize your stats searches using tstats, TERM, PREFIX, and the hidden knowledge of minor and major breakers - Martin Hettervik (MVP)
Want super fast stats searches, without going through the hassle of creating accelerated data models, or perhaps your use case is so narrow that it's not worth making an accelerated data model for? Welcome the magic of using TERM, PREFIX, and the hidden knowledge of minor and major breakers, to create optimized tstats searches directly on your raw data, no acceleration needed! This session will demonstrate some examples of how you can use these techniques, in which cases it's beneficial, and also where it's not possible.
2:00 AM
Setting up for Success -- Linux Profiles for Splunk Admins - Ryan Adler (SplunkTrust)
I'd like to discuss the benefits of normalizing your day-to-day Linux administration experience specifically for Splunk. I've published several repositories with needed shortcuts, aliases, and bash interactivity that make the admin experience standard and repeatable in groups.
2:15 AM
Everything you don't know about Metric indexes - Brett Adams (SplunkTrust)
Metrics are a powerful feature of Splunk that are frequently misunderstood, and in the pursuit of license reduction or performance improvement, you can easily shoot yourself in the foot. From the speaker of High Speed Metrics With the Forza at Conf22 and Perfecting Perfmon and Other Metrics at Conf23 comes this light talk covering the correct way to use metrics, and the correct way to optimise them.