.conf & .conf Go

April 18, 2022

3 Minute Read

Boss of the SOC at Splunk .conf22!

By Tom Smit

Splunk is committed to using inclusive and unbiased language. This blog post might contain terminology that we no longer use. For more information on our updated terminology and our stance on biased language, please visit our blog post. We appreciate your understanding as we work towards making our community more inclusive for everyone.

So you’ve heard that Boss of the SOC (BOTS) is the place to be on Monday nights at Splunk .conf. Version 7 of BOTS is coming at you on Monday June 13th at 6pm PDT — form your team and sign up now!

What is Boss of the SOC?

BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other blue team CTFs out there — especially the grandfather to them all, SANS NetWars — but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack

For BOTS, we work very hard to ask questions that not only require competitors to understand Splunk but also know how to research open-source intelligence (OSINT) and think outside of the “Splunk box." Are you excited yet?

What is Happening with Our Favorite Brewery?

You’ll again play the part of Alice Bluebird, our quirky Splunk Security analyst who has had a rough go since joining Frothly Home Brewery six years ago. On the heels of last summer’s attack, Alice decided to take some much deserved vacation and enjoy time on a nice tropical island. Besides, Violent Memmes only attacks in August, why would they ever change?

With Alice enjoying an umbrella drink on a beach somewhere, Grace moved ahead with the acquisition of Toads Pest Controls. During conversations, Toads decided to decommission several tools and integrate their Splunk instance with Frothly’s to collect all of their data in one location. Meanwhile, Violent Memmes decides to attack Toads Pest Control during their Splunk Infrastructure Migration.

Should I Play BOTS?

Yes! We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.

To hold your own in BOTS, we usually tell folks they need to know a little about Splunk security solutions and a little about security. However, all you really need is the desire to learn something new and have fun.

The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite and online to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.

If all of that isn't enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose. Are you feeling a little judged on that big scoreboard? No problem. Just flip the bit on anonymous mode to take the pressure off while you catch up or plot your next move.

How Can I Prepare?

Take a spin on previous BOTS versions, workshops, and other Splunk security focused content on https://bots.splunk.com.
Check out our "Hunting With Splunk" blog series. Mastering the topics covered in this series will help you answer questions faster.
Take advantage of the Free Splunk Fundamentals 1 Training Course.

Fine Print

There's always something, isn’t there? Registration is required to compete in BOTS. No game-day registration is allowed.

Each individual must register at bots.splunk.com.
Please register with an email address you’ll be able to access on the day of the event.
You will need a laptop computer equipped with WiFi that runs a supported web browser.
To participate in BOTS onsite Las Vegas you must be registered for .conf22 Las Vegas. All BOSS participants will be able to compete virtually.
- If you’ve been with us in-person before, you know the trials and tribulations of WiFi - and the public shaming! Please bring a USB network adapter for your laptop! Hard wires will be provided for the in-person portion of the competition.

What Are the Important Links Again?

Registration for .conf22 is available at this link and you can register for BOTS at https://bots.splunk.com. For any questions, please reach out to bots@splunk.com.

Follow all the conversations coming out of #splunkconf22!

Follow @splunk

Splunk Log Observer: Fast and Powerful Log Investigation for DevOps Teams

Splunk's Bill Emmett dives into a new offering and part of the Splunk Observability Suite, Splunk Log Observer.

.conf & .conf Go 2 Min Read

Join Us for Splunk’s Global Partner Summit at .conf23!

Splunk's Global Partner Summit (GPS) returns at .conf23 to create one cohesive and vibrant experience to maximize impact for partners.

.conf & .conf Go 2 Min Read

Splunk Announces New Government Logging Modernization Program

Splunk announces its new Government Logging Modernization Program, partnering with federal customers to meet the Biden Administration’s May 2021 Cybersecurity Executive Order and representing a bold step towards concrete actions to strengthen national security and address increasingly sophisticated threats facing federal agencies.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.

Learn more about Splunk

Subscribe to our blog

Get the latest articles from Splunk straight to your inbox.

Connect with Splunk on X

Follow @Splunk

Connect with Splunk on Instagram