Two Hacknowledge teams travelled from Morges to Zurich to represent the company at Splunk EMEA BOTS 2024, learn new things, and last but not least, have fun and meet inspiring people! The first team was composed of Security Engineers and SOC Analysts from the ISSE department who were relatively new to Splunk; the other was made up of Analytics team members who are seasoned Splunk Consultants with a Security Engineering background. Both teams give you their feedback based on their experience.
tldr: Everyone had a blast, again fantastic organization from Splunk. See you next year!
My Journey from Splunk Rookie to Security Ninja
BOTS
SOC is one of the cybersecurity disciplines most neglected by CTF organisers, and events dedicated to it are rare. By making the Boss Of The SOC a regular event, Splunk has established itself as the number one in the discipline. With almost 10 years of history, it is certainly the most popular CTF for SOC analysts.
The Rookie Team
This year at Hacknowledge, for the Splunk Boss Of The SOC 2024 we decided to send a team of new SOC analysts, and therefore Splunk beginners, to Zurich. The idea was to show that Splunk's technologies are particularly easy to access, even for newcomers. It was an opportunity for us to put the fundamental Splunk courses into practice, with the aim of taking the Core and Power User certifications. Of course, it was also about having fun in a CTF atmosphere.
Training
To train and discover the world of BOTS, we had the opportunity to practise on the first BOTS edition from 2016. This gave us a better idea of what to expect on the big day. With that, we better understood the path between the questions, saw that it was better to follow the guidance than to get lost in the logs, and learned some useful queries to make our searches easier. Finally, we followed several online courses about tools such as Splunk Enterprise, Splunk Enterprise Security and Splunk SOAR.
Challenge
As for the challenge itself, we were impressed by the quantity and variety of data sources available, which is a real goldmine for an analyst who wants to investigate further.
The use of Splunk’s tools, although guided, was surprisingly easy, both in terms of querying and navigating through the various tools.
Ninja
In the end, we can only encourage all analysts to take part in future BOTS events or replay the old ones, whether to get their first foot in the door of the Splunk world or to become the Boss.
Looking forward to next year!
My Journey from Splunk Wannabe to Splunk Mentor
The Hacknowledge Analytics team recently embarked on a journey to the Splunk Boss of the SOC (BOTS) event in Zurich, marking our third year at the prestigious Plaza Palace. Participating in BOTS has become a cherished tradition, offering us the opportunity to dive into the evolving challenges of cybersecurity analytics and to do some team building around a fun event. BOTS is the perfect hands-on way to discover the tools and the power of data management provided by Splunk, through guided questions that put your brain into action to knock out the flags.
Even though our day-to-day job is slightly different from the CTF experience provided by this event, it reveals an analyst's capacity to be clever and inventive in order to find the correct answers and to build the expected payload to flag some of the harder riddles.
Our approach balances perseverance and collaboration. We dive into the problems individually, pooling our insights as a team when it gets tough. This strategy has proven effective in navigating the intricate puzzles laid out for us.
We stepped into the shoes of Alice Bluebird, a security expert unravelling the mysteries within Frothly's network logs to find out what happened to the platform during a compromise. We started this challenge of 5 scenarios with the goal of identifying what happened and worked through the questions that guided us in clarifying this enigma. It is a delight to see how handily Splunk helps us run through the data and, even in stressful situations, point out the right information.
Preparation is key for any team that expects to face an intrusion. Taking this into account, we dedicated time to familiarising our team, especially newcomers, with the challenges ahead. With some organisation of who would tackle which scenario, a train ticket booked, everything looked ready to go. This groundwork ensured we were ready to tackle the tasks with strategic planning and unity.
The Splunkers team together with the incident response members at BOTS.
As mentioned, the daily job of a blue team is not always reflected in CTF competitions. Each team has its established data handling strategies and detection workflows. It’s not uncommon for teams to experience periods where they may be limited in their thinking.
Realistic cases with a full working SIEM stack can provide valuable insights into improving our current threat engineering workflows, such as evaluating useful log sources, optimising data enrichment and correlation techniques, or implementing detection logic. That is why, even for more experienced profiles, BOTS is an excellent opportunity to challenge ourselves and generate new ideas. The Advanced Persistent scenario was a great example of the data juggling analysts need to perform.
Team results on edition 2024
This year the EMEA BOTS event had many teams taking part remotely as well as in person in Zürich. Out of 349 teams we finished just inside the top 10%, at rank 36. We are happy to see that our journey up the scoreboard is not yet over. Already looking forward to joining next year's event, we now know where we can pick up some more points, motivated by the challenges and learning opportunities that BOTS presents.
The competition's conclusion was not the end but a transition to the "apéro" hosted by Splunk. This gathering provided the opportunity for participants to share stories and connect in an informal atmosphere. In a relaxed ambiance, with refreshments in hand, we exchanged insights and experiences with peers and partners. This networking session underscored the event's role not just in building technical skills but also in weaving the fabric of a supportive and vibrant cybersecurity community.
In a further gesture of partnership and camaraderie, Splunk extended a warm invitation to us for a dinner. This amicable evening was a perfect epilogue to the day, allowing us to cherish our relationships in a more intimate setting. The gesture was a testament to the spirit of collaboration and mutual respect that defines our interaction with Splunk. We are grateful not only for the learning opportunities provided during BOTS but also for the moments of leisure and fellowship that followed. Such gestures amplify the sense of community and shared purpose among us, and for this, we extend our heartfelt thanks to Splunk.
Let this experience inspire not just us but all participants to push the boundaries of what’s possible in cybersecurity. Here’s to facing future challenges with confidence and curiosity, ever ready to decode the complexities of the digital world. See you at BOTS 2025!
Hacknowledge Analytics
Are you concerned about the security of your business? Look no further than the Analytics team at Hacknowledge. Our team provides comprehensive guidance from log policy and management to threat detection and response.
All our team members are part of Hacknowledge’s SOC team, meaning they have firsthand experience handling alerts and writing detections. Our focus on excellence and customer-oriented service is reflected in all our senior engineers being Splunk Core Certified Consultants.
While we have a strong focus on Splunk technology, we remain vendor-neutral and provide unbiased advice to our customers, regardless of their existing technology. Trust us to provide the expertise and support you need to keep your business secure.
Hacknowledge
Hacknowledge is a leading cybersecurity company, part of the Swiss Post and based in Morges, Switzerland, which specialises in providing comprehensive and tailored cybersecurity solutions to businesses of all sizes. Our team of highly skilled and certified cybersecurity professionals is dedicated to ensuring that your business is safe against the ever-evolving threat landscape.
At Hacknowledge, we take a proactive approach to cybersecurity by providing continuous monitoring, threat detection, and incident response services. We also offer vulnerability assessments, penetration testing, and security audits to identify potential weaknesses in your systems and provide recommendations for improvement.
Our solutions are designed to meet the specific needs of each client, and we work closely with our customers to ensure that they are always up to date with the latest cybersecurity best practices. We pride ourselves on providing excellent customer service and support, and we are committed to helping our clients achieve their cybersecurity goals.
In short, Hacknowledge is your trusted partner in cybersecurity, providing expert solutions and support to protect your business from cyber threats.
Read More
- What a week for the Analytics Team @Hacknowledge! (and it was only Wednesday) – Hacknowledge
- Splunk Cloud: A (Hopefully) Comprehensive and Technical Review – Hacknowledge
- Splunk Boss of the SOC
- What You Need to Know About Boss of the SOC | Splunk
- Boss of the SOC Version 8 – Live from .conf23 | Splunk
- Who’s the Boss? EMEA Boss Of The SOC DAY 2023 | Splunk
- Hunting with Splunk: The Basics | Splunk