Cover Image for Less noise, more signal: SBOMs + Agentic Observability

Presented by

Meetups for people working with search. Technical talks about full-text search, vector databases, LLMs, ML, observability, and data at scale. Sponsored by Elastic.

Hosted By

8 Going

Featured in

DC Data & AI Events

Less noise, more signal: SBOMs + Agentic Observability

Name: Less noise, more signal: SBOMs + Agentic Observability
Start: 2026-05-19T17:30:00.000-04:00
End: 2026-05-19T19:30:00.000-04:00
Location: 4100 Fairfax Dr

You Know, for Search

4100 Fairfax Dr

Arlington, VA

Welcome! To join the event, please register below.

You will be asked to verify token ownership with your wallet.

About Event

We’re excited to bring the community together for an evening of learning and connection. This time, we'll have a community member from Chainguard sharing a use case and, as usual, an Elastic employee sharing their expertise as well.

Come support your fellow developers, learn something new, and meet others who are passionate about search, observability, and security.

Date and Time:
Tuesday, May 19th, from 5:30-7:30 pm EDT

Location:
Elastic Arlington Office - 4100 Fairfax Drive, Ste 500, Arlington, VA 22203

Agenda:

5:30 pm: Doors open; say hi, grab a seat, and eat some food.
6:00 pm: The SBOM Pile in Your S3 Bucket: Turning Bills of Materials Into a Risk Dashboard; and Watching It Shrink with Chainguard, by Mike Barreta, Senior Manager, Engineering at Chainguard
6:30 pm: Q&A
6:40 pm: Agentic Observability: Next-Gen Alerting and Auto-Detected Significant Events, by Jason Rhodes,
Senior Manager, Software Engineering at Elastic
7:10 pm: Q&A
7:20-7:30 pm: Networking & refreshments

Talk Abstracts:

"The SBOM Pile in Your S3 Bucket: Turning Bills of Materials Into a Risk Dashboard; and Watching It Shrink with Chainguard"

Most organizations now generate SBOMs because someone — EO 14028, a FedRAMP auditor, an ISSM — told them to. They land in an S3 bucket, get versioned, and are almost universally never queried. This talk is about what happens when you finally do. I'll stand up a self-contained Elastic stack, pour in SBOMs (SPDX), SLSA provenance, Sigstore signatures, Grype vulnerability scans, the CISA KEV catalog, and OpenVEX adjudication for 30 container images, and show the queries that only become possible once SBOMs stop being compliance artifacts and start being telemetry: which packages I actually run right now, which CVEs are real exposures versus VEX-suppressed noise, what swapping a stock image for its Chainguard equivalent would buy me, and how much of my CVE list is just stuff I inherited from the base layer.

Then the cleanup. The same dashboards on Chainguard images show what disappears when the SBOM is small, the signatures verify, and the advisory feed is active: ~9,000 fewer CVEs and ~2.5 GB saved across 20 image pairs, KEV exposure dropping from 7 hits to 0, compliance pass rate going from 0% to 76.5% against NIST 800-218 FedRAMP Moderate SSDF.

Bio:
Mike Barretta leads Chainguard’s public sector solutions engineering team, focused on helping ensure the federal government receives its fair share of the future. Barretta has worked across civilian, defense and intel programs in a variety of roles—software developer, data scientist, solution architect—for a variety of organizations—system integrators, consulting companies, software vendors—with the common purpose of creating and championing technologies and techniques for simplifying the extraction and utilization of information from lots of data. Having witnessed the ever-increasing threats to those systems, Barretta is now focused on methods and mitigations to secure them

Agentic Observability: Next-Gen Alerting and Auto-Detected Significant Events

We're rebuilding Elastic's alerting engine to make alerts more flexible, more powerful, and more valuable as data. Next-gen alerting rules will run anything ES|QL supports and capture whatever fields matter to you, so alerts carry the context you need for real downstream analysis. And if you'd rather not manage these rules yourself, AI agents can help, drafting them from natural language, recommending tuning and configuration changes, and reducing noise through deduplication.

On top of this, we're also building a new Significant Events system which automatically builds a continuously updated knowledge base of your incoming data's own metadata. Using this deep understanding, our agentic tools will detect significant events from log patterns, anomalies, and predicted behavior — without you having to create a single rule.

Bio:
Jason Rhodes is a software engineering lead at Elastic, where he works on alerting and observability features. Based in the DC area, he has over 15 years of experience in software development and has been an active contributor to the local tech community — creating and organizing Baltimore NodeSchool and charmCityJS. When he's not writing and reviewing code, he's probably watching too many movies.

Parking:

The building’s parking garage is operated by Colonial Parking and is located off N. Randolph Street
Book a spot on SpotHero
A Metro Station is located across the street

Location