We’re just a few short weeks away from .conf24, Splunk’s annual user conference, hosted this year in Las Vegas from June 11 - 14. Since 2016, the Security Strategist team at Splunk has debuted new versions of our Boss of the SOC (BOTS) competition at .conf. This year is no different! We are proud to present to our customers BOTS v9.
BOTS9 will encompass all the things that our customers have come to expect and love. This year we’re introducing six new scenarios for customers to delve into. We are featuring Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR, Splunk Attack Analyzer, and our new Splunk Asset and Risk Intelligence. As has become tradition, we’ll also have our famous Easter Egg questions where anything and everything goes.
We’re also happy to include our Observability team and product line in BOTS at .conf again this year. You’ll get to see the world through a whole new lens, investigating an incident in the Frothly website along with Splunk Enterprise Security to determine exactly who, what, where, when, and why. Additionally, you’ll get hands-on with Splunk Enterprise Security, metrics, application traces, and real-user-monitoring to get to the bottom of what’s really happening in this exciting new scenario.
Start to practice now to get your investigative muscles ready for the task ahead!
BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk Security to answer a variety of questions about the type of real-world incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red team-oriented. There are other blue team CTFs out there but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack.
For BOTS, we work very hard to ask questions that not only require competitors to understand Splunk but also know how to research open-source intelligence (OSINT) and think outside of the “Splunk box.” Are you excited yet?
Yes! We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.
To hold your own in BOTS, we usually tell folks they need to know a little about Splunk security solutions and a little about security. However, all you really need is the desire to learn something new and have fun.
The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.
There's always something, isn’t there? Registration at .conf24 is required to compete in BOTS.
Registration for .conf24 is available at this link and you can register for BOTS once you receive your confirmation email. For any questions, please reach out to bots@splunk.com.