For the second year running, Splunk and RiverSafe held a Boss of the SoC (BOTS) event, allowing Sky’s security teams to test their blue-teaming mettle against Splunk’s ever-challenging capture-the-flag.

The event puts players in the shoes of security analyst Alice Bluebird, a security analyst at the fictitious “Frothly” brewery, who often find themselves under attack from red teams and APT groups alike. Players are asked to track and find details of various malicious activities in the data set included in BOTS, from compromised workstations to errant IoT systems, using hosted instances of Splunk Enterprise Security, Splunk Phantom, and Splunk UBA, to help them answer the questions. To up the pressure even more, the competition runs for 3 hours, with bonuses awarded for answering questions promptly.

Unlike last year, this BOTS was virtual, which brought about its own set of challenges.

After introductions from Splunk’s Fraser Hodgson, Sky’s Justin Walker and RiverSafe’s Oseloka Obiora, the teams of 4 now had to collaborate remotely to find the right answers, a contrast to sitting around a table freely shouting out ideas.

Regardless of this, a catchy Spotify playlist provided by Splunk’s own DJ Johan Bjerke helped to set the atmosphere, giving new starters their first look at using Splunk software for security, and letting the more seasoned pros put their skills to use investigating and cracking even the hardest of questions.

From the introductions to the close-out, a good time was had by all!