The best things come in threes and for the third year in a row, Splunkers down-under will take to the (virtual) thunderdome to battle it out for supreme bragging rights and plenty of schwag in the (virtual) Australia & New Zealand Boss of the SOC (BOTS) Day held on August 20, 2020.
BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage all of Splunk’s Security Operations Suite — and other resources — to answer a variety of questions about real-world security incidents analysts face regularly in a simulated enterprise environment. We developed BOTS because we were tired of showing up at security conferences and finding the CTFs to be entirely red-team oriented. There are other blue team CTFs out there — especially the grandfather to them all, SANS NetWars — but few of them attempt to recreate the life of a security analyst facing down an adversary at all stages of an attack.
In BOTS, we work very hard to ask questions that not only require contestants to know and/or get to know Splunk solutions, but also know how to research open source intelligence and think outside of the "Splunk Security" box.
Are you excited yet?
Social distancing isn’t going to stop us from running a social event so this year, we’re going virtual and it will be bigger than ever before! With 10 cities across two countries, a year’s worth of bragging rights are up for grabs along with some awesome Splunk swag!
There will be no compromises, this event will feature everything you've come to love about BOTS. Participants will compete from their safe, secure, and socially distanced locations across Australia and New Zealand. But you won't be isolated during this virtual BOTS event, far from it! Just like always in BOTS, you are encouraged to compete in teams of up to four, and we are busy preparing a brand new never-before-seen enhanced virtual experience for this year's event.
We'll crown city champs in each location and an overall BOTS Day winner.
Each team captain will register each team and its members for the day over at the registration page. Once registered, you’ll receive a welcome email with all the details required. Don’t have a team? That’s ok, we’ve got you covered and can put you in a team of like-minded peers!
BOTS Day will utilize the BOTSv4 dataset unveiled at .conf19 back in October. While the dataset will be the same, we are busy creating a brand new question set for BOTS day. The event will feature never-before-seen questions, no spoilers, and no unfair advantages for you or anyone else.
In a word, yes. We've written about who should play before, but it's worth repeating here. If you've gotten this far, you are almost certainly an excellent fit for BOTS. To hold your own in BOTS, we usually tell folks they need to know a little about the Splunk security solutions and a little about security. However, all you need is the desire to learn and have fun.
Yes, indeed, the winners of BOTS competitions are often very knowledgeable in both Splunk solutions and security. Still, everyone will have a great time and learn something new.
The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction, and if you need more, coaches are virtually available to help when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.
If all of that isn't enough to convince you that BOTS is a safe, supportive, and fun learning environment, we've now made it super easy to play anonymously if you choose. Are you feeling a little judged on that big scoreboard? No problem. Just flip the bit on anonymous mode to take the pressure off while you catch up or plot your next move.
Here are some great ways to prepare for BOTS day:
Yeah, there's always a little, isn't there? Registration is required, but free; space is limited; no game-day registration allowed:
Just sign up, here. We look forward to hosting you at Splunk Australia & New Zealand BOTS Day 2020!
----------------------------------------------------
Thanks!
Nick Stone
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.