Boss of the SOC at Splunk .conf22!

So you’ve heard that Boss of the SOC (BOTS) is the place to be on Monday nights at Splunk .conf. Version 7 of BOTS is coming at you on Monday June 13th at 6pm PDT — form your team and sign up now!

What is Boss of the SOC?

BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other blue team CTFs out there — especially the grandfather to them all, SANS NetWars — but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack.

For BOTS, we work very hard to ask questions that require competitors not only to understand Splunk but also to know how to research open-source intelligence (OSINT) and think outside of the “Splunk box.” Are you excited yet?

What is Happening with Our Favorite Brewery?

You’ll again play the part of Alice Bluebird, our quirky Splunk Security analyst who has had a rough go since joining Frothly Home Brewery six years ago. On the heels of last summer’s attack, Alice decided to take some much-deserved vacation and enjoy time on a nice tropical island. Besides, Violent Memmes only attacks in August, why would they ever change?

With Alice enjoying an umbrella drink on a beach somewhere, Grace moved ahead with the acquisition of Toads Pest Controls. During conversations, Toads decided to decommission several tools and integrate their Splunk instance with Frothly’s to collect all of their data in one location. Meanwhile, Violent Memmes decides to attack Toads Pest Control during their Splunk Infrastructure Migration.   

Should I Play BOTS?

Yes! We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.

To hold your own in BOTS, we usually tell folks they need to know a little about Splunk security solutions and a little about security. However, all you really need is the desire to learn something new and have fun.

The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite and online to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.

If all of that isn't enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose. Are you feeling a little judged on that big scoreboard? No problem. Just flip the bit on anonymous mode to take the pressure off while you catch up or plot your next move.

How Can I Prepare?

Fine Print

There's always something, isn’t there? Registration is required to compete in BOTS. No game-day registration is allowed.

  • Each individual must register at bots.splunk.com.
  • Please register with an email address you’ll be able to access on the day of the event.
  • You will need a laptop computer equipped with WiFi that runs a supported web browser.
  • To participate in BOTS onsite in Las Vegas, you must be registered for .conf22 Las Vegas. All BOTS participants will be able to compete virtually.
    • If you’ve been with us in-person before, you know the trials and tribulations of WiFi - and the public shaming! Please bring a USB network adapter for your laptop! Hard wires will be provided for the in-person portion of the competition.

What Are the Important Links Again?

Registration for .conf22 is available at this link and you can register for BOTS at https://bots.splunk.com. For any questions, please reach out to bots@splunk.com.

Follow all the conversations coming out of #splunkconf22!

Posted by Tom Smit

Tom Smit is a Principal Security Strategist at Splunk and has been a Splunker for eight years. He is active at Splunk as a voice for security and is a strong advocate of security workshops, sharing his experience, and bringing Splunk and security together for customers. During his time at Splunk he has been involved with content creation of Boss of the SOC v3, v4, v5, and headed the v6 and v7 programs. Before joining Splunk, Tom held sales engineering, professional services, and product roles at Symantec, Mimecast, Raytheon, and Core Security.
