Celebrating 2024 Worldwide BOTS Day

After a successful launch of BOTS at .conf24, we’re ready to take it to the masses. BOTS9 encompasses all the things that our customers have come to expect and love. This year we’re introducing six new scenarios for customers to delve into. We are featuring Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR, and Splunk Attack Analyzer. As has become tradition, we’ll also have our famous Easter Egg questions where anything and everything goes.

BOTSv9 Worldwide BOTS Day!

As we introduced last year, we’re taking BOTSv9 worldwide shortly after .conf. Splunk is hosting two worldwide BOTSv9 competitions on Thursday, October 31st or Friday, November 1st depending on where you’re located in the world. Here are the details:

• BOTSv9 Virtual Session 1: 31-October-2024 - 10:00 Pacific
• BOTSv9 Virtual Session 2: 31-October-2024 - 19:00 Pacific

These times were chosen to make sure every time zone in the world would be able to participate. Kickoff will start at the time listed above with a 30 minute BOTS introduction and then the competition will start at 30 minutes past the hour.

How to register for Worldwide BOTS Day 2024: Both events are available for signup on the BOTS portal.

Fine Print: Any players who participated at .conf24 in person for BOTSv9 will not be able to place within the top 3 in these virtual events. We’re more than happy to have you participate and enjoy yourself, but we want to make it a fun time for everyone playing.

What is Boss of the SOC?

BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk Security to answer a variety of questions about the type of real-world incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red team-oriented. There are other blue team CTFs out there but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack.

For BOTS, we work very hard to ask questions that not only require competitors to understand Splunk but also know how to research open-source intelligence (OSINT) and think outside of the “Splunk box." Are you excited yet?

Should I Play BOTS?

Yes! We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.

To hold your own in BOTS, we usually tell folks they need to know a little about Splunk security solutions and a little about security. However, all you really need is the desire to learn something new and have fun.

The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.

How Can I Prepare?

• Take a spin on previous BOTS versions, workshops, and other Splunk security focused content right here.
• Check out our "Hunting With Splunk" blog series. Mastering the topics covered in this series will help you answer questions faster.
• Take advantage of our free training.

We all hope that those of you who attended .conf24 and played had an amazing time at the competition. We also hope to see all of you who haven’t yet got a chance to play at Worldwide BOTS Day!