sduff | 5 years ago

Interesting timing, as Splunk is running its regular Boss of the SOC and Boss of the NOC starting Monday. This is a simulated Security Operations Center, and Network Operations Center, used for training and competition :)

Signups for BOT(N|S) end today (16th October), check https://conf.splunk.com/connect/boss-of-the-soc-and-noc.html There are also frequent regional BOT(N|S) that are run, more details on the website.

Past datasets for BOTS can be found at https://github.com/splunk?q=bots , and many related Splunk Blog posts about it can be found at https://www.splunk.com/en_us/blog/tag/boss-of-the-soc.html . These are freely available, just download the data, copy to a Splunk instance (also free, as the data is already ingested), and you're good to go and start practicing.

Disclaimer, I work for Splunk, and am helping coach in the APAC BOTN next week.

I'll also link to the Splunk Attack Range, https://github.com/splunk/attack_range . This allows you to quickly spin up a small lab environment, then quickly hit it with a bunch of realistic attacks. All that data is then sent to a prebuilt Splunk instance for you to practice your investigation and analysis, and even integrate with Phantom, Splunk's automation system. Check out the video for it at https://www.youtube.com/watch?v=xIbln7OQ-Ak . Again, this is all free, no registration required.

samueladam | 5 years ago

See you next week at the EMEA confs!