Home
Join the Community
Welcome Center
Welcome Center
Join Slack
Be a Splunk Champion
SplunkTrust
Splunk MVP
Become a User Group Leader
Splunk Love
Share a Tip
Find Answers
Splunk Administration
Getting Data In
Deployment Architecture
Monitoring Splunk
Using Splunk
Splunk Search
Dashboards & Visualizations
Splunk Products
Splunk Enterprise
Splunk Enterprise Security
Splunk Cloud Platform
Splunk Observability Cloud
Splunk AppDynamics
Splunk SOAR
Apps & Add-ons
All Apps and Add-ons
Splunk Development
Events
User Groups
Tech Talks: Technical Deep Dives
Office Hours: Ask the Experts
From Data to Insight: The Splunk Dashboard Contest
Dashboard Contest Terms and Conditions
Blogs
Community Blog
Product News & Announcements
Training & Certification Blog
Learning
Learning Paths
Training & Certification
Training + Certification Discussions
AppDynamics Knowledge Base
Best of conf
Resources
.conf25
Splunkbase
Developers
Documentation
Splunk Ideas
Splunk Events
Voice of Customer
Sign In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Show
only
|
Search instead for
Did you mean:
Community Office Hours
Community Office Hours
×
Join the Conversation
Without signing in, you're just watching from the sidelines.
Sign in or Register
to connect, share, and be part of the Splunk Community.
Ask a Question
Events
:
Office Hours: Ask the Experts
:
Community Office Hours
Options
Subscribe
Add Events to Calendar
Mark all as New
Mark all as Read
Community Office Hours
Showing events with label
Security
.
Show all events
Security: Cisco Talos Integration - 3/19/25
Wednesday, March 19, 2025
[Register Here] This thread is for the Community Office Hours session on Security: Cisco Talos Integration on Wed, March 19, 2025 at 1pm PT / 4pm ET. This is your opportunity to ask questions about Cisco Talos integration with Splunk Security. Our experts are ready to answer all your questions, such as: What can I ask in this AMA? How does Cisco Talos threat intelligence integrate with Splunk Security products? What kinds of intelligence are provided by the Cisco Talos integrations? How do I start using Cisco Talos intelligence in my Splunk Security products? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
0
Security: SOAR
Thursday, April 24, 2025
[Register Here ] This thread is for the Community Office Hours session on Security: SOAR on Thur, April 24, 2025 at 1pm PT / 4pm ET. (It is the updated schedule for our event~) This is your opportunity to ask questions related to your specific Splunk SOAR product, and use cases, including: What are the latest features of SOAR that I should know about? How do Splunk SOAR Playbooks and Actions integrate with Splunk Enterprise Security? How can I leverage the Automation Rules feature to assign playbooks to detections and automate the process? What are the best practices for developing playbooks, workbooks, and process workflows? How do I implement Guided Automation to further optimize the playbook-building process? What are the best practices for setting up prompts in SOAR? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
2
Security: Data Management in Security
Wednesday, July 16, 2025
[Register Here] This thread is for the Community Office Hours session on Data Management in Security on Wed, July 16, 2025 at 1pm PT / 4pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What are the best practices for managing and optimizing security data ingestion in Splunk? How can I improve the efficiency of my security data pipelines? How do I properly map security logs to the Common Information Model (CIM)? How to ensure accuracy and consistency with large volumes of data across multiple security log sources? How should I structure my security data for faster investigations and threat hunting? What role does AI/ML play in managing and analyzing security data in Splunk? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
0
Security: Enterprise Security
Wednesday, August 20, 2025
[Register here] This thread is for the Community Office Hours session on Security: Enterprise Security on Wed, Aug 20, 2025 at 1pm PT / 4pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What are the latest updates in Splunk Enterprise Security? How can I implement Risk-based alerting (RBA)? How can I utilize Threat Intelligence Management and Cisco Talos for better context? How do I access the latest out-of-the box detections? Which Splunkbase apps and add-ons are recommended for Splunk Enterprise Security use cases? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
0
Splunk Enterprise Security - the AI Powered SecOps Platform
Tuesday, November 18, 2025
[Register Here] This thread is for the Community Office Hours session on Splunk Enterprise Security - the AI Powered SecOps Platform on Tuesday, Nov 18, 2025 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What is different in the latest Splunk Enterprise Security, the AI powered SecOps Platform? Why upgrade to Enterprise Security 8 and why now? What are upgrade considerations and prep work? What do I need to know as a SOC Analyst, Detection Engineer, or SOAR engineer before and after my upgrade to Enterprise Security 8? What is the difference between Enterprise Security Essentials and Enterprise Security Premier? Anything else you'd like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
1
Security: Splunk SOAR
Wednesday, December 10, 2025
[Register Here] This thread is for the Community Office Hours session on Security: Splunk SOAR on Wednesday, Dec 10, 2025 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What’s new in the latest Splunk SOAR? Should I upgrade to this version, and what’s the easiest way to make the upgrade happen? How does the Splunk Attack Analyzer integration work? And how can playbooks be implemented to automate response processes for the malware and phishing attack? What are the practical ways to modernize legacy SOC workflows with Splunk Enterprise Security and build the TDIR workflow. How to use Wayfinder? How to measure the value of my SOAR investment? Real-world examples of how SOAR enhancements improved efficiency, security, and ROI? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2025
Past Office Hours
Security
0 attendees
0
1
Security: Splunk Threat Research Team - Security Content AMA
Wednesday, January 21, 2026
[Register Here] This thread is for the Community Office Hours session on Security: Splunk Threat Research Team - Security Content AMA on Wednesday, Jan 21, 2026 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What are the latest security content updates from the Splunk Threat Research Team? What are the best practices for implementing the Splunk Technology Add-on for Ollama? What tips and tricks can help leverage Splunk Attack Range, Contentctl, and other resources developed by the Splunk Threat Research Team? What new analytic stories and detections can surface AI-enabled workflows to help you detect and respond to emerging threats across critical enterprise platforms? How do the detections work across the integration between Cisco Talos and Splunk? Any specific questions you have when you leverage the out-of-box-detections? Any other questions about the team’s content and resources! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2026
Past Office Hours
Security
0 attendees
0
1
Security: Insider Threats
Wednesday, February 18, 2026
[Register Here ] This thread is for the Community Office Hours session on Security: Insider Threats on Wednesday, Feb 18, 2026 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What are the most common insider threats today, and what are the typical indicators associated with them? What are the key considerations when detecting and analyzing insider threats? What are the best practices for detecting and investigating insider threats using Splunk? How can I maximize the use of threat intelligence and contextual insights when investigating insider threats? How can I best leverage data from Splunk to understand insider threat trends? How can machine learning and AI be used to scale your analytics? Can you provide insights on how User and Entity Behavior Analytics (UEBA) helps detect insider threats? How does the risk scoring work? Any other questions about the team’s content and resources! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2026
Past Office Hours
Security
0 attendees
0
0
Security: Enterprise Security Essentials and Enterprise Security Premier
Wednesday, March 18, 2026
[Register Here] This thread is for the Community Office Hours session on Security: Enterprise Security Essentials and Enterprise Security Premier on Wednesday, March 18, 2026 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What is available in Splunk Enterprise Security (ES) Premier that is not available in Splunk Enterprise Security (ES) Essentials? What makes ES Essentials better than ES 7.X? What new or improved use cases should I expect ES Premier to help me deliver? What should I consider or prepare if I’m currently using ES Essentials and planning to migrate to ES Premier? What will happen to my dashboards, configurations, and investigations if I upgrade from ES Essentials to ES Premier? What sort of education or professional services are available for me to build an expert practice in ES Essentials or ES Premier? What does the SOAR integration look like for ES Essentials and ES Premier? How does UEBA integrate with ES Premier? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2026
Past Office Hours
Security
0 attendees
0
1
Security: Splunk AI in Security AMA
Wednesday, April 22, 2026
[Register Here] This thread is for the Community Office Hours session on Security: Splunk AI in Security AMA on Wednesday, April 22, 2026 at 11 am PT / 2 pm ET. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. What can I ask in this AMA? What are best practices for leveraging the AI Toolkit and AI Assistant in Security? What are some key benefits? What are some of the best approaches for leveraging Splunk's AI capabilities with my existing security workflows? How can investigations be streamlined with the AI Assistant in Security? How can Splunk's AI capabilities for security accelerate advanced threat detection and response? How can Splunk's AI offerings help support custom security use cases? Is a separate license required for Splunk's AI for security capabilities? Are there any resources or training programs available to help teams adopt Splunk AI in security? Anything else you’d like to learn? Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(3)
Labels
Labels:
2026
Past Office Hours
Security
0 attendees
0
0
EMEA Community Office Hours: Enterprise Security Essentials & Premier
Wednesday, May 20, 2026
[Register Here] This thread is for the EMEA Community Office Hours session on Enterprise Security Essentials & Premier on Wednesday, May 20, 2026 at 10 am BST / 11 am CEST. Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics. While this session is scheduled as an EMEA office hour for time zone convenience, it is open to everyone—if the time works for you, we’d love to have you join us. What can I ask in this AMA? What is available in Splunk Enterprise Security (ES) Premier that is not available in Splunk Enterprise Security (ES) Essentials? What makes Enterprise Security Essentials better than ES 7.X? What new or improved use cases should I expect Premier to help me deliver? What should I consider or prepare if I’m currently using ES Essentials and planning to migrate to ES Premier? What will happen to my dashboards, configurations, and investigations if I upgrade from ES Essentials to ES Premier? What sort of education or professional services are available for me to build an expert practice in ES Essentials or ES Premier? What does the SOAR integration look like for ES Essentials and ES Premier? How does UEBA integrate with ES Premier? Anything else you’d like to learn! Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants. Look forward to connecting!
Labels
(2)
Labels
Labels:
Past Office Hours
Security
0 attendees
0
0
