Calisec Team won Splunk Boss of the SOC (BOTS) Day 2019 (San Jose).


What is Boss of the SOC (BOTS)?
Boss of the SOC is a blue-team jeopardy-style capture-the-flag-esque (CTF) activity where participants use Splunk—and other tools—to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment. It's designed to emulate how real security incidents look in Splunk and the type of questions analysts have to answer.
Our Preparations
Our team members spent a full week preparing for this competition. Our preparation included:
- Setting up a Splunk practice environment using the BOTSv1 and BOTSv2 datasets
- Studying all BOTS-related materials from Splunk .conf (the annual conference)
- Studying blog posts on splunk.com
Reference Materials
- Blog Post
- Microsoft Azure: Recording, Slide, Sample Searches
- AWS: Recording, Slide, Sample Searches, Log Description