.Conf17 - Everyone Can Build A Security App
Anthony G. Tellez · 2 min read
Tags: Machine Learning, Security, Data Science, Splunk, Conference, Workshop
A guided, hands-on session teaching security best practices for building Splunk Apps – specifically, key aspects of operationalizing security searches, visualizations, and workflows.
Workshop Overview
This interactive workshop covers the complete journey from concept to operational security app, using the Boss of the SOC competition dataset as a practical learning environment.
Topics Covered
Foundational Concepts
- Technical Add-ons (TA) - Proper data ingestion and normalization
- Data Validation - Ensuring data quality and consistency
- Common Information Model (CIM) - Standardizing field names and data structures
- Summarization - Accelerating searches with summary indexing
- Data Enrichment - Adding context through lookups and external data
- Analysis Techniques - Statistical and visual approaches to threat detection
- Visualization - Creating effective security dashboards
Advanced Topics
- Machine Learning - Applying ML models to security use cases
- Data Science Techniques - Hypothesis formation and testing
- Hypothesis Formation - Structured approach to threat hunting
- Process Considerations - Operationalizing detections in production
Overall Methodology
Guidance on when and how building an app helps with security challenges, and on how to design an app that extracts key insights from common data sources.
Hands-On Learning
Participants iteratively develop a working security app that can be:
- Taken home as a learning tool
- Customized for specific use cases
- Deployed in production environments
- Rebuilt using different security frameworks
Dataset
The workshop uses the security-rich dataset from the Boss of the SOC (.conf2016) competition, providing realistic scenarios for:
- Threat detection
- Incident response
- Security analytics
- Compliance monitoring
Presentation Materials
Presented at Splunk .conf17 | Hands-on Workshop