We are busy preparing for the North American Boss of the SOC (BOTS) Day to be held on June 19, 2019. With just about a month to go, now is the perfect time to explain a bit more about this unique event. If you've read enough and just want to sign up, TL;DR you can register right here, right now. If you want to learn more about what this event has in store, read on as we explain just what the North American BOTS Day is all about.
What is Boss of the SOC?
BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage all of Splunk’s security solutions—and other resources—to answer a variety of questions about real-world security incidents analysts face daily in a simulated enterprise environment. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other Blue Team CTFs out there—especially the grandfather to them all, SANS NetWars—but few of them attempt to recreate the life of a security analyst facing down an adversary at all stages of an attack.
In BOTS, we work very hard to ask questions that not only require contestants to know and/or get to know Splunk solutions, but also know how to research open source intelligence and think outside of the "Splunk Security" box.
Are you excited yet?
What is North American BOTS Day?
North American BOTS Day 2019 will include everything you have come to love about BOTS, with one big twist. Participants will participate from eleven locations across North America from Irvine, California to Toronto, Canada. We'll crown city champs in each location and an overall BOTS Day winner. You'll need to pick a city when you register, and you must be present at that venue to play. Check out a map of the locations below, and see the full list on the registration page.
North American BOTS Day Schedule
BOTS Day will be based on the BOTSv3 dataset unveiled at .conf18 back in October. While the dataset will be the same, we are busy creating a brand new question set for BOTS day. The event will feature never-before-seen questions, no spoilers and no unfair advantages for you or anyone else.
Should I Play?
In a word, yes. We've written about who should play before, but it’s worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS. To hold your own in BOTS, we usually tell folks they need to know a little about the Splunk security solutions and a little about security. However, all you really need is the desire to learn and have fun.
Yes, it's true that the winners of BOTS competitions will usually be very knowledgeable in both Splunk solutions and security, but everyone will have a great time and learn something new.
The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction, and if you need more, coaches are onsite to help when the hints run out. Also—don't forget—BOTS is a team sport, so if you bring your crew, you won't be alone.
If all of that isn’t enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose. Are you feeling a little judged on that big scoreboard? No problem. Just flip the bit on anonymous mode to take the pressure off while you catch up or plot your next move.
How Can I Prepare?
Here are some great ways to prepare for BOTS day:
- Check out our "Hunting With Splunk" blog series. More than anything else, mastering the topics covered in this series will help you answer more questions faster.
- Take advantage of Free Splunk Fundamentals 1 Training
- Practice your Splunk hunting with prior versions of BOTS
- Stand up your own BOTS environment and practice
Is There Any Fine Print?
Yeah, there's always a little, isn’t there?
- Registration is required, but free; space is limited; no walk-ins allowed.
- Please register with an email that you can access on the day of the event.
- Contestants are encouraged to register in teams of up to four for the best experience (teams with more than four members will not be allowed).
- You must be present in the city where you registered to play. Remote participation is not allowed.
- You are required to bring a laptop computer equipped with WIFI and running a supported web browser.
- On BOTS Day, you will need to acknowledge Splunk’s privacy statement before you are allowed to play.
How Do I Register Again?
Just sign up here.
We look forward to hosting you at Splunk North American BOTS Day 2019!