October 1, 2018 | 7:00 PM ET

Event is full.
Registration Closed.

Registered .conf18 attendees are invited to join the Splunk Security Team for an all new Boss of the SOC (BOTS) competition at .conf18! During the BOTS competition, you'll show off your l337 skillz and compete against your peers. Are you new to Splunk or competing in a capture the flag isn’t your thing? No problem! Come and play with a Splunk table coach! You will have hands-on coaching and participate in BOTS without the pressure of a CTF competition! See below for registration details for your chance to become the Boss of the SOC!

BOTS is a capture the flaq-esque competition, played in teams of up to four. Please note that each BOTS participant MUST:

  • Be registered for .conf18 (*please use same email)
  • Bring a laptop with functional/configurable WiFi (OS doesn't matter as long as it can load Splunk in its browser)
  • Physically be present at the event

Every player must register with a ‘team’ name (cool points for how fun you make it). If you wish to play on a team, please communicate with your team before registering to be sure and use exactly the same “Team Name”. If you are coming to participate but not compete, feel free to make a team, but it isn’t a requirement.

Please note: Space at BOTS 2018 is limited so register for .conf18 and submit your team ASAP. Splunk will review all applications and notify teams that are selected to participate via email.

You will play as the quirky Security Analyst "Alice Bluebird," who is helping Frothly, a home brewing supply company that recently moved almost all on-prem servers to AWS and Azure. Sadly, there are several holes in Frothly’s defense that were left from an aggressive cloud transition. Now, Alice is working through some of major incidents with logs from Azure, Linux, Office 365, Cisco Firewalls, AWS, and many more!

Contestants will pivot through realistic data using Splunk’s analytics-driven security platform and the wild, wild web. All this while racing the clock to identify the who, how and where through a full forensic investigation. You will be given a series of questions of varying types and difficulties, with scoring based on timeliness and questions difficulty. If you choose to participate but not compete you will not be eligible to win (but are welcome to come!).

So, bring your out-of-the-box thought process, “can do” attitude and security prowess for this fun for all competition, brought to you by Splunk.

Get some of the back story: “Alice Through the Looking Glass Table.


Monday, October 1st

Location: Conference room Dolphin Hotel, Southern Hemisphere I/II/III, Walt Disney World Swan and Dolphin Resort
  • 7:00 PM Doors open
  • 7:30 PM-ish Kick off and instructions begin
  • 12:00 AM Winner announced!

For any questions about this competition, feel free to contact Boss of the SOC Team at Splunk via email ( or in the #bots2018 channel of the Slack group splunk-usergroups.


  • Who should play?
    Anyone who wants to try their hand at detecting realistic attacks in a fun environment!

  • What skill level do I need?
    Anyone who knows how to use Splunk will have fun playing this exercise! From Splunk Ninjas to SPL newbs, there is something for everyone.

    For those newbs learning that wants to be matched with a team/Splunk expert, you can play without competing for points, we just want you to have fun and learn.

  • Training and education?
    This year we will be releasing test logs from the dataset and also hosting webinars and releasing blogs to get everyone leveled up before the competition! If you register you will get emails alerting you to the webinars and blogs!

    Want to get ahead of the game? Check out the original datasets from BOTS 1.0 in 2016 with an awesome educational tutorial hosted in the security datasets project. Maybe you want to practice BOTS CTF at home? Download the whole dataset and scoring server here and practice your team's ability to collaborate and answer questions before playing live at .conf18!

  • Prizes?!?!?
    Every participant will take something home, including the cool badge at the top of this page, stickers and other fun items - but members of the winning team will receive some very special prizes!