Splunk Boss Of The SOC (BOTS) @Insomni’hack

It was a pleasure to meet you this year at the 2022 edition of our security conference, Insomni’hack!

In collaboration with Splunk, we came back this year with the “Splunk Boss Of The SOC” challenge.

What is BOTS, and its history

Boss Of The SOC (BOTS) is a blue-team version of a capture-the-flag competition. As a SOC analyst, you explore and investigate realistic event data and alerts in Splunk Enterprise and Splunk Enterprise Security. During the competition, you practice your security skills and compete with other participants by answering a series of questions of varying type and difficulty. Points are awarded for both accuracy and speed.

The first BOTS edition was created by Splunk at .conf2016, and today it is a fixture of every edition of Splunk .conf. The 2021 edition was virtual, but that did not affect the participation rate: 3700 attendees and 966 teams from over 700 organizations.

The next BOTS is planned at Splunk .conf 22 on 14 June 2022 (18:00 Pacific/UTC-7). Remote participation is possible!

Scenario

The main story for the Insomni’hack BOTS edition was the following:

“You and your team will role play as the quirky Security Analyst Alice Bluebird, a security analyst at Frothly, a thriving home brewing supply company. Why? Just because it’s a pandemic doesn’t mean Frothly has stopped defending its network. Contestants will pivot through a brand new, realistic dataset using Splunk’s analytics-driven security platform and the wild, wild web. All the while racing the clock (and the globe) to identify the who, how, and where through a series of full forensic investigations.”

Six scenarios were available: Splunk ES, Splunk SOAR, AWS, Remote Work, APT and GCP.

Behind these scenarios, the tools were Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR and Corelight.

Who can participate?

Everyone can participate! It’s fun, and it lets you practice your security skills on a very cool platform. You can prepare with the Splunk resources below:

Scoring

We are proud that the SCRT analytics team took first place in this edition:

Congratulations to all participants of this edition, and see you again next year!