Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
It's hard to believe a year has passed since we released the Boss of the SOC (BOTS) Scoring Server, Questions and Answers, along with the BOTS 1.0 Dataset. During that time, BOTS has continued to grow at a breakneck pace. Last October, we hosted one of the largest single in-person capture the flag (CTF) events ever with over 700 participants joining us in Orlando, Florida to compete in the debut of BOTS 3.0. We also ran the largest-ever cybersecurity challenge in Australia, along with dozens of smaller events around the globe. All this helped drive the program to surpass the 10,000 participant mark overall since its inception.
BOTS 2.0! During the past year, BOTS 2.0 (debuted at .conf in September 2017) has been our workhorse event, and became so popular that our team had to write a second question set (and then a third) to satisfy demand. BOTS 2.0 marked a dramatic expansion in scope over its predecessor, including five scenarios covering topics like advanced persistent threat, endpoint security, web application security, fraud and insider threat. It was created with the same attention to detail and commitment to realism that made BOTS 1.0 so popular.
Today, as BOTS 3.0 events become the new standard, we make good on our promise to release the BOTS 2.0 dataset along with its original question and answer set.
The BOTS 2.0 dataset is hosted on Github and Amazon S3 and comes in one of two forms:
The scoring app continues to dutifully (if not stylishly) power every BOTS and BOTN event both big and small. As enhancements are made to the scoring app, they're released directly via GitHub. Some notable improvements made in the last year include:
We're happy to send you a copy of the BOTS 2.0 questions and answers upon request! All you have to do is register here.
A whole lot! Over the past year, the BOTS 1.0 dataset has been downloaded hundreds of times and used for training, self-study, research, and of course, to recreate the BOTS CTF experience. Additionally, it has become common practice for security analysts and engineers to test new detection methods against the realistic BOTS dataset.
Yep, pretty much. The dataset, scoring apps and questions are distributed with licenses based on Creative Commons CCO. Of course, you’ll need a Splunk Enterprise instance to run all this on. If you have a Splunk license, great! If not, no worries—everything described in this post can be deployed on the free Splunk Enterprise trial version. The dataset is pre-indexed during packaging to avoid data ingest restrictions; packaging data in this way is unconventional, so please read the instructions carefully.
Those who have experienced a Splunk-run BOTS 2.0 event will recall that it included Splunk Enterprise Security (ES). Splunk ES is not included in the open source release of the BOTS 2.0 dataset and questions, but if you’d like to experience BOTS 2.0 with Splunk Enterprise Security, please reach out to your Splunk account team.
Thanks again for being part of this incredible journey!