BOSS OF THE SOC (BOTS) 1.0

Open source Boss of the SOC dataset, scoring server, questions and answers



Register for VIP Access:

BOTS 1.0

Want to run, play or explore BOTS on your own? Just fill out the form. We know “another form”, but we promise it’s worth it and you’ll have access to (almost) everything from BOTS 1.0!

What is BOTS?

BOTS is a jeapordy-style, capture-the-flague-esque (CTF) competition in which participants use Splunk—and other tools—to answer a variety of questions about realistic enterprise environment security incidents. Need more clarification about BOTS, read this blog.

The Cool Part (A.K.A: Why should you care?)

You can use BOTS open source data for a variety of things, such as, to determine metrics on adversary actions, use it as bulk data to test searches and refine their detection methods, or (maybe most obvious) training! (Find more reasons and details in the blog).

You’ll basically have VIP access — who doesn’t like that? — to the BOTS 1.0 dataset in various forms (Splunk index and json), along with questions and answers, and the BOT(S|N) scoring server! Meaning: you can run your very own Boss of the SOC competitions for fun or training using the exact same technology and data that we used for BOTS 1.0.