Let's Learn about the Splunk SOC

Washington DC Splunk User Group

Tue, Apr 11, 9:30 PM (UTC)


About this event

Ever wonder how Splunk uses their own tools in their SOC? Come to our next event to hear directly from a Splunk SOC Incident Handler on:

• How Splunk’s SOC analysts leverage Splunk products internally at each phase of IR.

• How/why Splunk's SOC aligns use cases with MITRE ATT&CK, and how they get value out of that.

• How they leverage Risk Based Alerting to reduce the total number of risk events to a digestible number of actionable alerts per day.

• Splunk as a source of metrics, and 3 levels of metrics dashboards, from high-level consumption to granular SOC performance metrics.


  • Josh Wiley


    Senior Cyber Security Incident Handler



Tuesday, 11 April
5:30 PM - 7:30 PM (EDT)


  • Rich Galloway

    Mainline RTP

    Splunk Consultant

  • Rutger Thomschutz

    Washington DC User Group Leader

  • Rinaldi Rampen


    User Group Leader