Select your country

Not finding what you are looking for, select your country from our regional selector:


Splunk Boss Of The SOC (BOTS)

What is BOTS and its history

Author: Quentin Brusa

Boss Of The SOC (BOTS) is a blue-team version of a Capture The Flag competition. As a SOC analyst, you have to explore and investigate realistic event data/alert in Splunk Enterprise and Splunk Enterprise Security. During the competition, you can practice your security skills and compete with other participants. You have to answer a series of questions with different types and difficulty. Points are obtained for both accuracy and speed.

The first BOTS edition was created by Splunk at the .conf2016 and today it is an unavoidable event of each edition of Splunk .conf. The 2021 edition was virtual but did not impact the participation rate: 3700 attendees, with 966 teams from over 700 organizations.

The next BOTS is planned at Splunk .conf 22 (18:00 Pacific/UTC-7), 14 June 2022. Remote participation is possible.



The main story for Insomni’hack BOTS edition was the following:

”You and your team will role play as the quirky Security Analyst Alice Bluebird, a security analyst at Frothly, a thriving home brewing supply company. Why? Just because it’s a pandemic doesn’t mean Frothly has stopped defending its network. Contestants will pivot through a brand new, realistic dataset using Splunk’s analytics-driven security platform and the wild, wild web. All the while racing the clock (and the globe) to identify the who, how, and where through a series of full forensic investigations.”

6 scenarios are available: Splunk ES, Splunk SOAR, AWS, Remote Work, APT and GCP.

Behind theses scenarios, the tools were Splunk Enterprise, Splunk Enterprise Security, Splunk SOAR and Corelight.

Who can participate?

Everyone can participate! It’s fun and it lets you practice your security skills on a very cool platform. You can prepare yourself with the Splunk resources below:


We are proud of the Orange Cyberdefense (previously SCRT) analytics team to be at the first place for this edition:

Congratulations to all participants of this edition and see you again next year!

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.