Security Operation Center Simulation for Beginners
20 points by gunal2 on Oct 15, 2020 | 14 comments


Interesting timing, as Splunk is running its regular Boss of the SOC and Boss of the NOC starting Monday. This is a simulated Security Operations Center, and Network Operations Center, used for training and competition :)

Signups for BOT(N|S) end today (16th October); check https://conf.splunk.com/connect/boss-of-the-soc-and-noc.html There are also frequent regional BOT(N|S) events that are run; more details are on the website.

Past datasets for BOTS can be found at https://github.com/splunk?q=bots , and many related Splunk Blog posts about it can be found at https://www.splunk.com/en_us/blog/tag/boss-of-the-soc.html . These are freely available: just download the data, copy it to a Splunk instance (also free, as the data is already ingested), and you're good to go and can start practicing.

Disclaimer: I work for Splunk, and am helping coach in the APAC BOTN next week.

I'll also link to the Splunk Attack Range, https://github.com/splunk/attack_range . This allows you to quickly spin up a small lab environment, then quickly hit it with a bunch of realistic attacks. All that data is then sent to a prebuilt Splunk instance for you to practice your investigation and analysis, and even integrate with Phantom, Splunk's automation system. Check out the video for it at https://www.youtube.com/watch?v=xIbln7OQ-Ak . Again, this is all free, no registration required.


See you next week at the EMEA confs!


I'm interested but don't feel like creating an account to try it. Is it really necessary to make me create one?


You can create an account for free with limited access. If you are worried about your personal information, you can use a different name and surname.


Do you have an about page? Pretty skeptical of using any site that doesn't have any info on creators or the org.


Anyone know of a real SOC or SIEM that looks like this? Something that can be installed on-prem? Thanks.


Security Onion leverages the ELK/Elastic stack to aggregate and visualize output from security tools: https://securityonion.net/


Thank you.


Splunk 8 has a dark theme.


I remembered Splunk being a simple log parser. I didn’t remember it as a dashboard like this. It’s been many years since I looked at it though. Time to give it another look.


I build SOCs where Splunk can be the SIEM, and it is very nice to work with.

It integrates an editor where you can convert query results to such visualizations. You could also integrate your custom viz made with JS libs (D3).

Enterprise Security is a Splunk paid app that provides a nice environment for SOC analysts.

Yes, you should give it a try, maybe through a Docker image that will get you going quickly.


Interesting. Tried to sign up. The signup mail went to the Gmail spam box, and the login isn't working.


Can you please share with me which mail service you are using? I tested the login page, and it looks OK. Can you create a new user? Probably you are trying the wrong password.


How are you handling passwords?
