Davinsi Labs is dedicated to nurturing the growth of its engineers' knowledge and skills, which is why we were offered the chance to attend the annual .conf conference, organized by Splunk. As primarily members of the Platform team and the Managed Detection and Response team, we had a responsibility to represent not only our teams, but everyone in Davinsi Labs. We're stoked about sharing all the cool knowledge and insights we picked up to further fuel our drive for superior quality and excellence.
Splunk.conf was hosted in the imposing Venetian venue. Entering the Venetian for the first time, we were seriously impressed by the size of the location. You could easily spend a month inside without going elsewhere. All our needs and wants were easily fulfilled by what they offered. Imagine walking 15 to 20 km each day and almost all of it indoors. That's how big it is.
The same goes for Las Vegas: the sheer size of it (and the heat) was almost too much to take in!
The week started with a kick-off on Monday, featuring the global partner summit. Splunk took the stage to highlight its accomplishments, exciting new announcements, and future objectives.
Following that, the official kick-off event, “Ready For Anything”, unveiled some fascinating new offerings, such as Splunk AI, Splunk Edge Hub, and the possibility to onboard Splunk in the Microsoft Azure Marketplace, alongside exciting partnerships, including the one with Microsoft.
During the three days of .conf, attendees were treated to various interesting talks and workshops. We, from the Managed Detection and Response team, focussed on the talks about innovative ways to enhance our Use Case Library, integrate Machine Learning and further elevate the efficiency of our SOAR (Security Orchestration, Automation, and Response) playbooks.
We also followed talks about how we could make the daily lives of our Security Operations Center (SOC) easier and more streamlined. One of our key objectives here was to combat alert fatigue, which has become a pervasive challenge in today's dynamic cybersecurity landscape.
The conference also presented opportunities to attend talks on topics such as risk-based alerts, a crucial concept in prioritizing and responding to security incidents based on their potential impact. Moreover, we also followed a very interesting session that explored threat hunting methodologies utilising a recently developed framework (Introducing the PEAK Threat Hunting Framework).
During the times when we took breaks from attending the talks and workshops, we took the opportunity to engage with Splunk representatives. As a strategic Managed Security Service Provider (MSSP) for Splunk, we believe in providing constructive feedback, sharing our experience, and giving valuable suggestions to further enhance the Splunk product. In the Pavilion, other Splunk partners and sponsors presented their developed Splunk integrations and products, which also provided everyone the chance to network with each other.
From a platform team perspective, all talks we attended were mostly a confirmation that we are going in the right direction. The presented topics and how these were technically implemented affirm that the approach we choose to set up and maintain our multi-customer environment and the supporting platform is the way forward.
Besides all the technical talks, we took the opportunity to strengthen and create new relationships with multiple Splunk employees. These efforts have already proven fruitful since we were able to get help and answers on some more technical difficulties that come along with the challenge of being an MSP.
On Wednesday, the traditional Search Party took place, filling the place with excitement, games, music and most if not all of the extraordinary attendees. One of the highlights was the DJ set of the renowned DJ Jazzy Jeff, famously recognized for his appearances on the iconic show The Fresh Prince of Bel-Air. With his exceptional skills, he mixed up some fresh tunes, setting fire to the place.
In addition to DJ Jazzy Jeff's fantastic performance, another talented artist, DJ Esther Anaya, took the stage, captivating the audience with a very danceable mix.
And of course, what conference doesn't offer some goodies to take home? Among these were the traditional Splunk hoodie, along with three fascinating books. The first book, "Bluenomicon", is a series of essays authored by renowned security researchers. Another book was "Tracers in the Dark" written by the esteemed Andy Greenberg, which is about the crime lords in the world of cryptocurrencies. Lastly, "Fancy Bear Goes Fishing," penned by Scott J. Shapiro, offered an intriguing insight into three historical vulnerabilities that made an impact on the world.
All in all, this invaluable experience granted us the opportunity to fully immerse ourselves in the world of Splunk through enlightening talks, engaging workshops, and collaborative break-out sessions. This left us excited to go back home and share our experiences.
The shared experiences, knowledge, and connections forged during this occasion are sure to leave a lasting impact on each of us, serving as a cherished memory that we will fondly look back upon with a sense of pride and fulfilment.