The Risk-Based Alerting (RBA) hands-on workshop is designed to guide Detection Engineers or other content creators through the RBA process used in Splunk Enterprise Security. Our journey begins with a review of ES fundamentals as a foundation for RBA, then proceeds through Risk Factors, Risk Rule creation, and Risk Notable creation.

The workshop uses the popular Boss of the SOC (BOTS) dataset, with hands-on exercises that build on one another and walk participants through detecting a complex APT attack. Participants will leave with a clear path for getting started with RBA in their environment.

Prerequisites: Participants need to complete the Enterprise Security hands-on workshop before doing the RBA workshop.

Duration: Three hours

Registration is closed.