Boss of the SOC


APRIL 12, 2018


* * * * * * * *

What is BOTS?

Boss of the SOC is a blue-team, capture-the-flag-esque (CTF) activity where participants use Splunk—and other tools—to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment. It's designed to emulate how security teams respond to real security incidents.

Splunk Boss of the SOC offers a new, half-day, blue-only challenge, focused on investigations. BOTS participants drop into a scenario emulating a day in the life of a security analyst facing down an adversary, at all stages of an attack.

In the Boss of the SOC CTF, we work very hard to ask questions that require contestants not only to know Splunk, but also to know how to research Open Source Intelligence and think outside of the “Splunk” box. Imagine that you’ve just been made aware of a breach. The BOTS scenario challenges participants to trace the steps that led to the incident and determine the extent of the compromise.


Will participants with minimal cyber security experience get value from BOTS?

All levels of experience will get value from participating in BOTS. In fact, there have been a large number of contestants who have enjoyed participating in BOTS who have never seen Splunk or worked in cyber security.

Is this right for my team?

To hold your own in BOTS, we usually tell folks they need to know a little about Splunk and a little about security. However, all you really need is the desire to learn something new and the desire to have a lot of fun.

It's true that the winner of a BOTS competition will usually be both familiar with using Splunk and good at security, but everyone will get value from the experience and learn something new. BOTS is a team sport, and this activity is an opportunity for your team to practice working together under pressure.

Okay, I’m sold! How do I sign up?

Just reply to this email nominating names and email addresses of your team. We recommend teams of 2-4 people with a maximum of 5. If you’d like to nominate 1 or 2 people and have them connected to other competitors to form a team, let us know and we’ll do our best to facilitate that.

How can my team prepare?

Need to brush up on your Splunk chops beforehand? No problem! Splunk offers free introductory training, Splunk Fundamentals 1, at the following link.

After completing Fundamentals 1, we recommend you check out our "Hunting with Splunk: The Basics" blog series, which we created specifically to prepare teams for what they will face in BOTS.

Happy hunting and we look forward to the event.


  • 11:00am - 11:30am: Welcome
  • 11:30am - 2:00pm: Introduction to Splunk Boss of the SOC;
    Rules of Engagement
  • 12:00pm - 4:30pm: Boss of The SOC exercise
  • 4:30pm - 4:45pm: Winners Announced & Closing

Event Details


April 12, 2018
11:00am – 4:45pm


Venue Name
191 St Georges Terrace
Perth 6000