URL: https://blog.scrt.ch/2022/04/04/splunk-boss-of-the-soc-bots-insomnihack/

Sec Team Blog

Discover the latest news from SCRT's team

SPLUNK BOSS OF THE SOC (BOTS) @INSOMNI’HACK

It was a pleasure to meet you this year at the 2022 edition of our security
conference, Insomni'hack!

In collaboration with Splunk, we brought back the "Splunk Boss Of The SOC"
challenge this year.


WHAT IS BOTS AND ITS HISTORY

Boss Of The SOC (BOTS) is a blue-team version of a capture-the-flag competition.
Playing the role of a SOC analyst, you explore and investigate realistic event
data and alerts in Splunk Enterprise and Splunk Enterprise Security. During the
competition you practise your security skills and compete with the other
participants by answering a series of questions of varying type and difficulty.
Points are awarded for both accuracy and speed.

The first BOTS edition was created by Splunk at .conf2016, and today it is a
fixture of every Splunk .conf. The 2021 edition was virtual, but that did not
affect participation: 3700 attendees and 966 teams from over 700 organizations.

The next BOTS is planned for Splunk .conf22 on 14 June 2022 at 18:00 Pacific
(UTC-7). Remote participation is possible!


SCENARIO

The main story for the Insomni'hack BOTS edition was the following:

"You and your team will role play as the quirky Security Analyst Alice
Bluebird, a security analyst at Frothly, a thriving home brewing supply company.
Why? Just because it's a pandemic doesn't mean Frothly has stopped defending its
network. Contestants will pivot through a brand new, realistic dataset using
Splunk's analytics-driven security platform and the wild, wild web. All the
while racing the clock (and the globe) to identify the who, how, and where
through a series of full forensic investigations."

Six scenarios were available: Splunk ES, Splunk SOAR, AWS, Remote Work, APT and
GCP.

Behind these scenarios, the tools were Splunk Enterprise, Splunk Enterprise
Security, Splunk SOAR and Corelight.


WHO CAN PARTICIPATE?

Everyone can participate! It's fun and it lets you practise your security skills
on a very cool platform. You can prepare with the Splunk resources below:

 * Free Splunk Fundamentals 1 Training
 * Hunting With Splunk blog series
 * Practice with old datasets


SCORING

We are proud that the SCRT analytics team finished in first place for this
edition:

Congratulations to all participants of this edition, and see you again next
year!

Posted on April 4, 2022 (updated January 6, 2023). Author: Quentin Brusa.
Categories: Analytics, Insomni'hack, News
