Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Contextualizing your Splunk logs

Quiessence Phillips (City of New York)
1:15pm–1:55pm Tuesday, October 31, 2017
Security analytics
Location: Sutton North

Who is this presentation for?

  • Security analysts and engineers and anyone interested in cybersecurity

Prerequisite knowledge

  • A working knowledge of Splunk (useful but not required)

What you'll learn

  • Explore concepts for adding context to existing toolsets to improve the effectiveness and efficiency of cybersecurity practices


In the daily fight to secure organizations, security analysts are inundated with a massive log set (if they are so fortunate), but with it comes a low signal-to-noise ratio. Increase your signal by adding context to your logs, such as tagging blocks of IP addresses based on their region, labeling high-value targets, grouping hosts based on a specific corollary, and tagging AV logs in a vendor-agnostic way when multiple vendors are in use. This additional data enables more intelligent alerts, improves triaging efforts for analysts, and enhances security metrics, among many other benefits. Join Quiessence Phillips to learn about the type of context that could be added and the value of its addition.

Quiessence Phillips

City of New York

Quiessence Phillips is the Threat Management Lead for New York City’s Cyber Command, where she leads the Security Operations Center, CERT, and Threat Intelligence functions. She is a cybersecurity professional with 10 years of experience working within the financial industry, as well as a mom, mentor, coder, hacker, and strategist.

Quiessence is the cofounder of a nonprofit EdTech organization, JOURNi, which is building an authentically inclusive tech ecosystem in Detroit.

In an effort to get more women into cybersecurity, she also started Securing Your Path, a community for women interested in forging their path in the industry.