Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Splunk is committed to using inclusive and unbiased language. This blog post might contain terminology that we no longer use. For more information on our updated terminology and our stance on biased language, please visit our blog post. We appreciate your understanding as we work towards making our community more inclusive for everyone.
We're just a few short weeks away from .conf23, Splunk’s annual user conference, hosted this year in Las Vegas from July 17-20. BOTS version 8 will launch Monday night, the 17th, at 8:00 PM Pacific time onsite at .conf23. Since 2015, the Security Strategist team at Splunk has debuted new versions of our Boss of the SOC (BOTS) competition at .conf. This year is no different! We are proud to present to our customers BOTS .v8 with tales of a new fictional adversary. BOTS8 will encompass all the things that our customers have come to expect and love. We will have our tried and true Advanced Persistent Threat scenario, our showcase scenarios around our flagship Security products Splunk Enterprise Security and Splunk SOAR, and some new content surrounding DevSecOps and DevOps. We’ll also keep you on your toes with the traditional steganography questions and some interesting easter eggs across the entire program to keep you looking for those hard to find clues.
Our new Web App Attack scenario will take a dive into the world of application development and look at web application attacks against modern application architectures. You’ll have to keep your wits as you unpick the CI/CD pipeline and take a deep dive into the application codebase to unravel the secrets of this complex attack.
Speaking of modern application architecture, we’re happy to include our Observability team and product line in BOTS this year. You’ll get to see the world through a whole new lens, investigating an incident in a microservices architecture using code instrumentation in the Splunk Observability cloud. You’ll use metrics, application traces and real-user-monitoring to get to the bottom of what’s really happening in this exciting new scenario.
BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red team-oriented. There are other blue team CTFs out there — especially the grandfather to them all, SANS NetWars — but few of them attempt to recreate the life of a security analyst facing an adversary at all stages of an attack.
For BOTS, we work very hard to ask questions that not only require competitors to understand Splunk but also know how to research open-source intelligence (OSINT) and think outside of the “Splunk box." Are you excited yet?
Yes! We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS.
To hold your own in BOTS, we usually tell folks they need to know a little about Splunk Security Solutions and a little about security. However, all you really need is the desire to learn something new and have fun.
The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite and online to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.
If all of that isn't enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose.
There's always something, isn’t there? Registration at .conf23 is required to compete in BOTS.
Follow all the conversations coming out of #splunkconf23!