Splunk Boss of the SOC
This page is designed to be hands-on and uses the Splunk BOTS dataset. The goal of this BOTS workshop is to provide a better understanding of how Splunk can be used to answer security questions that may arise within your environment. During this exercise, we will introduce searching with Splunk, walk through questions similar to those in the BOTS competition, and develop searches that help answer them.
| Sessions | Status | Link |
|---|---|---|
| BOTSv1 challenge | Completed | Walkthrough |
| BOTSv3 challenge | Planning | Walkthrough |
| Hunting an APT | In progress | Walkthrough |
| Splunk Common Commands Used |
|---|
| metadata, stats (distinct count, count, values, average), AS, eval (lower, length, round), table, AND OR NOT, sort, reverse, head, transaction, rex, search, inputlookup, outputlookup, fields, lookup |
| Resource: |
|---|
| BOTS SPLUNK |
| BOTSv1 |