Register here. This thread is for the Community Office Hours session on Splunk Enterprise Security (ES) on Wed, October 25, 2023 at 1pm PT / 4pm ET.
This is your opportunity to ask questions related to your specific Enterprise Security (ES) challenge or use case, including:
Please submit your questions at registration or as comments below. You can also head to the #office-hours user Slack channel to ask questions (request access here).
Pre-submitted questions will be prioritized. After that, we will go in order of the questions posted below, then will open the floor up to live Q&A with meeting participants. If there’s a quick answer available, we’ll post as a direct reply.
Look forward to connecting!
Hi Everyone!
Please be sure to submit your questions at registration or post a comment here for any topics you'd like to see discussed in the Community Office Hours session. You can also head to the #office-hours user Slack channel to ask questions and join the discussion (request access here).
Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel):
Q1: How long would you expect an initial RBA deployment to take for customers with, say, between 200 and 400 detection rules?
Q2: Deployment and pricing over a distributed cluster environment (implementation)
Q3: How do you manage the number of false positives when an ESCU detection is very noisy?
Other Questions (check the #office-hours Slack channel for responses):