Boss of the SOC (BOTS) is Splunk’s blue-team capture the flag-esque competition in which defenders use Splunk’s suite of security products to find APT threats, discover attacks and figure out what happened to our favorite virtual organization “Frothly Brewing Co.”.
On Wednesday 22nd March contestants got to explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security, and respond to these attacks using Splunk SOAR. This brought out the smartest and most eager Splunk enthusiasts: our contestants were not only IT security analysts, but a wide range of professionals, including project managers, product owners, analysts, red teamers and even an airline pilot!
This time BOTS came to EMEA both virtually and at over 16 in-person locations, and over 1100 concurrent players joined us for our four-hour competition. This saw EMEA’s best security professionals practice their threat hunting skills and compete against peers for prizes and, mainly, bragging rights. Players received a series of questions of varying type and difficulty, and points were awarded for both accuracy and speed.
The day kicked off with our central presentation from Zürich and a cast from multiple locations in Europe and the Middle East, zooming in from one location to another in a Eurovision-esque way. Venues included science museums, nightclubs, hotels, our local Splunk offices, innovation centers, and most importantly a brewery!
As teams gathered, there was a tense and excited atmosphere: contestants came in, set up their workstations and got their supplies of coffee and other drinks to keep them going throughout the competition. As usual, all countries started bragging immediately; the best drinks were in Oslo, the best pizza was claimed by both the Rome and Milan teams (who knew!), Amsterdam claimed the best view and Zürich was in the lead for the worst fashion choice by the presenters!
However, as soon as the game kicked off with a loud gong ringing in Vienna, there was pure silence. In most locations you could hear a pin drop, and in Italy the pizzas went cold. The exception was Amsterdam, where participants shouted in glee or agony as they entered right or wrong answers.
As we neared the final minutes, it was neck-and-neck between a number of teams. Then the competition closed after 4 hours, 240 minutes or 14,400 seconds, and the players waited anxiously to hear who had won!
Now, it might have been something to do with the number of players, the players’ frantic answering in those final minutes, or the fact that our internal BOTS accounting leprechauns had a coffee break... But after the winner ceremony, points were still being added up for hours after the event. This caused some confusion the first time a winner was announced. After all this, we are really happy to present the winners:
TeamNX 1 and NetNordic Lions
Indexers United
Frozen Penguins
Entitysec
With the competition over, the bars were opened, and with some of the winners using their trophy as a drinking cup, we ended the day of this fun and educational event.
In the end, we at Splunk try to help companies become more resilient, and a large part of that starts with education, training, networking and competition. We are happy to have such a fanatical, devoted fan base that is willing to take time out of their busy schedules to play the mother of all blue team games!
Thanks to all of EMEA for joining us and we hope to see you next year! If you happen to be traveling out to .conf23, be sure to take a look at our next BOTS competition showcasing v8 running on Monday 18th July.