Select your country

BelgiumBelgium

ChinaChina

DenmarkDenmark

FranceFrance

GermanyGermany

GlobalGlobal

Maghreb & West AfricaMaghreb & West Africa

NetherlandsNetherlands

NorwayNorway

South AfricaSouth Africa

SwedenSweden

SwitzerlandSwitzerland

United KingdomUnited Kingdom

Not finding what you are looking for, select your country from our regional selector:

Rechercher

  1. Orange Cyberdefense - Suisse
  2. Insights
  3. Blog
  4. Splunk Boss Of The SOC (BOTS)

Splunk Boss Of The SOC (BOTS)

Share

What is BOTS and its history

Author: Quentin Brusa

Boss Of The SOC (BOTS) is a blue-team version of a Capture The Flag competition. As a SOC analyst, you have to explore and investigate realistic event data/alert in Splunk Enterprise and Splunk Enterprise Security. During the competition, you can practice your security skills and compete with other participants. You have to answer a series of questions with different types and difficulty. Points are obtained for both accuracy and speed.

The first BOTS edition was created by Splunk at the .conf2016 and today it is an unavoidable event of each edition of Splunk .conf. The 2021 edition was virtual but did not impact the participation rate: 3700 attendees, with 966 teams from over 700 organizations.

The next BOTS is planned at Splunk .conf 22 (18:00 Pacific/UTC-7), 14 June 2022. Remote participation is possible.

 

Scenario

The main story for Insomni’hack BOTS edition was the following:

”You and your team will role play as the quirky Security Analyst Alice Bluebird, a security analyst at Frothly, a thriving home brewing supply company. Why? Just because it’s a pandemic doesn’t mean Frothly has stopped defending its network. Contestants will pivot through a brand new, realistic dataset using Splunk’s analytics-driven security platform and the wild, wild web. All the while racing the clock (and the globe) to identify the who, how, and where through a series of full forensic investigations.”

6 scenarios are available: Splunk ES, Splunk SOAR, AWS, Remote Work, APT and GCP.

Behind theses scenarios, the tools were Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR and Corelight.

Who can participate?

Everyone can participate! It’s fun and it lets you practice your security skills on a very cool platform. You can prepare yourself with the Splunk resources below:

Scoring

We are proud of the Orange Cyberdefense (previously SCRT) analytics team to be at the first place for this edition:

Congratulations to all participants of this edition and see you again next year!

Réponse à incident

Vous faites face à une Cyber attaque ?

24/7/365 nos experts vous accompagnent réponse à incident.