Name: From Logs to Answers: A Practical SIEM Copilot
Start: 2025-10-01T18:00:00+01:00
End: 2025-10-01T20:00:00+01:00
Location: Marionete

Join us for an Apache Kafka® meetup on Wednesday, October 1st from 6:00pm in Lisbon hosted by Marionete!

📍**Venue:**
Marionete
Praça Duque de Saldanha, Atrium, 9D
You can come into the offices through one of the two side streets:
Av. Casal Ribeiro 63, Atrium, Lisboa, Portugal
Avenida Fontes Pereira de Melo , Atrium, Lisboa, Portugal

*If you cannot attend, please change your RSVP so someone else can join! Thank you!*

🗓 **Agenda:**

* 6:00pm: Doors open
* 6:00pm - 6:30pm: Food, Drinks & Networking
* 6:30pm - 7:15pm: Gonçalo Valente, Lead MLOps, Marionete
* 7:15pm - 8:00pm - Additional Q&A & Networking

💡 **Speaker:**
Gonçalo Valente, Lead MLOps, Marionete

**Title of Talk:**
From Logs to Answers: A Practical SIEM Copilot with Confluent Kafka, Vector Search & LLMs

**Abstract:**
Security teams drown in logs and still miss what matters. In this session I’ll show a compact, production-minded pattern for turning raw SIEM events into concise, explainable answers—using **Confluent Kafka (KRaft)** for transport, a lightweight **vector store** for retrieval, and **LLMs** (Azure OpenAI) for summarization. It’s an end-to-end demo you can run in Docker: a Kafka topic receives SIEM-like events; a consumer normalizes, fingerprints, and batches them for embeddings; vectors land in Chroma; and a tiny API/app lets you ask “Were there any noteworthy incidents in the last 48 hours?” and returns an answer with highlights and sources.
I’ll cover the practical bits that make this usable beyond a toy:

* **Stream design:** schema-lite normalization for common SIEM sources; deduping via content fingerprints; handling late/duplicate data.
* **Ops & cost controls:** batching, backpressure, idempotent upserts, and safe defaults for embedding/chat usage.
* **Security & hygiene:** basic PII redaction patterns and metadata-driven retention.
* **Developer experience:** one-command Docker startup, Kafka UI for visibility, synthetic event producer for repeatable demos.
* **Adaptation path:** where Confluent components like Schema Registry, RBAC, Connect, and ksqlDB slot in as you harden the PoC.

You’ll leave with a small, clear blueprint you can adapt to your own estate—plus a working demo you can show to both managers (executive summary) and analysts (drill-down context with citations).

**Bio:**
Gonçalo Valente is the Head MLOps & Automation at Marionete with a background in software development and DevOps. Over the past few years he has focused on containerized, end-to-end platforms that bridge data engineering and applied ML—prioritizing reliability, developer ergonomics, and cost awareness. He’s especially interested in how modern container tooling and streaming patterns (Kafka) can power retrieval-augmented workflows that turn messy operational data into actionable, auditable answers.

\*\*\*
DISCLAIMER
NOTE: We are unable to cater for any attendees under the age of 18.
If you would like to speak or host our next event please let us know! [community@confluent.io](community@confluent.io)

Alice Richardson

David Navalho

Lisbon Apache Kafka® Meetup by Confluent

Confluent

Technology

Software Development

Web Technology

Computer Programming

Technology Startups

Stream Processing

Apache Kafka

Microservices

From Logs to Answers: A Practical SIEM Copilot

Big Data

Open Source

Marionete

Share

Lisbon Apache Kafka® Meetup by Confluent

From Logs to Answers: A Practical SIEM Copilot

Lisbon Apache Kafka® Meetup by Confluent

Details

Members are also interested in