BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//C93MZK
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-C93MZK@pretalx.com
DTSTART;TZID=CET:20260507T170000
DTEND;TZID=CET:20260507T174000
DESCRIPTION:Security teams don't miss alerts because they don't care\, they
  miss them because their SIEM never shuts up. Alerts fire constantly\, at 
 the wrong time\, for expected behavior\, until everything starts to sound 
 the same. At some point\, it's no longer an alarm. It's just noise.\n\nThi
 s talk starts with a simple idea: when an alert fires matters just as much
  as what it detects. Like a whistle blaring at 2 a.m.\, many detections te
 chnically work\, but fail operationally because they lack timing\, throttl
 ing\, or basic context. Alerts trigger during business hours\, outside mea
 ningful windows\, or so often that everyone learns to ignore them.\n\nUsin
 g practical examples\, we'll look at common alerting mistakes\, why "more 
 alerts" doesn't mean better security\, and how small changes\, such as thr
 ottling\, prioritization\, and temporal context\, can dramatically reduce 
 noise.\n\nFrom there\, we'll walk through what alerts actually matter acro
 ss application\, network\, Active Directory\, and DNS telemetry\, and how 
 to design them so they fire when someone should actually care. The goal is
 n't silence\, it's a SIEM that acts like an alarm clock\, not a whistle th
 at goes “woo woo” all night.
DTSTAMP:20260411T233925Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:The whistles go woo woo: SIEM alerts\, threat detection and tuning 
 unnecessary noise - Melina Phillips
URL:https://pretalx.com/bsidesluxembourg-2026/talk/C93MZK/
END:VEVENT
END:VCALENDAR