https://blog.scrt.ch/2022/04/04/splunk-boss-of-the-soc-bots-insomnihack/
Sec Team Blog - Discover the latest news from SCRT's team

SPLUNK BOSS OF THE SOC (BOTS) @INSOMNI'HACK

It was a pleasure this year to meet you at the 2022 edition of our security conference, Insomni'hack! In collaboration with Splunk, we came back this year with the "Splunk Boss Of The SOC" challenge.

WHAT IS BOTS AND ITS HISTORY

Boss Of The SOC (BOTS) is a blue-team version of a capture-the-flag competition. As a SOC analyst, you explore and investigate realistic event data and alerts in Splunk Enterprise and Splunk Enterprise Security. During the competition, you practice your security skills and compete with other participants. You have to answer a series of questions of varying type and difficulty. Points are awarded for both accuracy and speed.

The first BOTS edition was created by Splunk at .conf2016, and today it is an unavoidable event at each edition of Splunk .conf. The 2021 edition was virtual, but this did not affect the participation rate: 3700 attendees and 966 teams from over 700 organizations. The next BOTS is planned at Splunk .conf 22 on 14 June 2022 (18:00 Pacific/UTC-7). Remote participation is possible!

SCENARIO

The main story for the Insomni'hack BOTS edition was the following:

"You and your team will role play as the quirky Security Analyst Alice Bluebird, a security analyst at Frothly, a thriving home brewing supply company. Why? Just because it's a pandemic doesn't mean Frothly has stopped defending its network. Contestants will pivot through a brand new, realistic dataset using Splunk's analytics-driven security platform and the wild, wild web. All the while racing the clock (and the globe) to identify the who, how, and where through a series of full forensic investigations."

Six scenarios were available: Splunk ES, Splunk SOAR, AWS, Remote Work, APT and GCP. Behind these scenarios, the tools were Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR and Corelight.

WHO CAN PARTICIPATE?

Everyone can participate! It's fun, and it lets you practice your security skills on a very cool platform. You can prepare yourself with the Splunk resources below:

* Free Splunk Fundamentals 1 Training
* Hunting With Splunk blog series
* Practice with old datasets

SCORING

We are proud that the SCRT analytics team took first place in this edition.

Congratulations to all participants of this edition, and see you again next year!

Posted on April 4, 2022 (updated January 6, 2023). Author: Quentin Brusa. Categories: Analytics, Insomni'hack, News.