Boss of the SOC (BOTS) at .conf20, Splunk's annual user conference, was a huge event. We saw over 3,700 contestants register to compete across the globe in a fully virtual environment. During the event, 966 teams played from over 700 organizations, submitting in excess of 71,000 question attempts over 9,100 hours of competition play.
Those are some BIG numbers, but this year we are going even bigger!
Grace and the team at Frothly are back! Unfortunately, they are once again seeing some nefarious activities, and need you (in your role as Alice Bluebird) to help protect their multi-cloud, on-prem and physical environments! Join us as we see BOTS go live at .conf21.
BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite — and other resources — to answer a variety of questions about the type of real-world security incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other blue team CTFs out there — especially the grandfather to them all, SANS NetWars — but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack.
For BOTS, we work very hard to ask questions that not only require contestants to know Splunk but also know how to research open-source intelligence (OSINT) and think outside of the “Splunk” box.
Are you excited yet?
This event will feature everything you've come to know and love about BOTS. As always, you are encouraged to compete in teams of up to four players, and we are busy preparing a bunch of ways to enhance the virtual experience for this year's event.
The event will take place twice on October 18th: once at 9AM (Pacific Time) and again at 6PM (Pacific Time).
In a word, yes. We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.
To hold your own in BOTS, we usually tell folks they need to know a little about Splunk security solutions and a little about security. However, all you really need is the desire to learn something new and have fun.
The questions in BOTS range from easy to hard, and everything in between. Every question comes with hints to nudge you in the right direction, and if you need more, coaches are onsite and online to help when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.
If all of that isn't enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose. Are you feeling a little judged on that big scoreboard? No problem. Just flip the bit on anonymous mode to take the pressure off while you catch up or plot your next move.
Here are some great ways to prepare for BOTS day:
Yeah, there's always a little, isn't there? Registration is required, but free; space is limited; no game-day registration allowed:
Register for BOTS by registering for .conf21 and the BOTS portal!