What is BOTS?

BOTS is a Capture-the-Flag (CTF) style workshop where contestants play the part of a SOC analyst to solve a series of realistic security challenges. Participants will use Splunk Search, Enterprise Security, and SOAR to answer these questions as quickly and accurately as possible. The contestant with the most points at the end of the competition wins!

Boss of the SOC

This competition is led by Security SMEs and Specialists for training purposes and to stretch the defensive skills of security analysts and hunters at using Splunk for incident response and investigation. This workshop is designed to provide an in-depth immersion into the world of Splunk products with extremely realistic data sources and give participants a chance to experiment with all of Splunk’s security offerings in a “perfect environment” using an extremely realistic dataset.

The workshop in total is approximately 5 hours (4 hours of gameplay and 1 hour of setup/review).


Workshop Data
The workshop involves Cloud, Endpoint, Servers, and Wire Data from over 120+ different source types including:
● AWS security logs
● Microsoft Cloud (Office365 and Azure)
● Windows Security, Powershell
● Linux
● Sysmon
● Wire data (Splunk Stream)
● CheckPoint NGFW


Customers Who Will Benefit
The workshop is designed for personas on Security Operations teams responsible for threat hunting and incident response who are comfortable with Splunk Core and Splunk premium security products. The workshop has three goals:
1. Give participants a chance to work through realistic data that is perfectly groomed in a fun education environment.
2. Show the power of Splunk premium solutions your SOC may not have had a chance to experience.
3. Have one-on-one interaction and tuition from Splunk security experts in real-world scenarios.

Benefits of participating:

● Expert guidance from Splunk security subject matter experts: Learn from Splunkers who have years of experience, not only in Splunk but also in security.
● Real World Skill Assessment: With the realistic data set, competitors can test their security acumen leading security incident investigations using Splunk Search and Splunk Premium tools, without the stress and risk of intrusions in their production environment.
● Realistic Measurement of Security Team Skills: Competitors will gain a stronger and more realistic understanding of their strengths regarding incident investigations. In addition, the results will highlight areas for training and education via quantified feedback of performance.
● Team Building: Getting everyone in a room to compete, and perhaps work in teams, strengthens team cohesion and comradery.
● Training: BOTS gives analysts exposure to new data sources, new methods, security frameworks like ATT&CK, Lockheed Martin Kill Chain, and walkthroughs of Splunk’s suite of tools.

Workshop Logistics
This workshop is hands-on, and each user will need access to a modern web browser with internet connectivity. Splunk will provide a cloud environment where the Splunk software and data will reside. Please bring your own personal laptop that can access a Splunk instance. Note: Government-owned laptops may have trouble connecting to or working with Splunk instances.

Registration for GovSummit is required to participate in BOTS. All participants must also have an active Splunk account. Click the Register Now button below to complete your registration. You will be able to register for BOTS from the Confirmation Page.