
Splunk 2

Premium room

Part of the Blue Primer series. This room is based on version 2 of the Boss of the SOC (BOTS) competition by Splunk.

medium

45 min

30,641


Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.


BOTSv2 Dataset:

The data included in this app was generated in August of 2017 by members of Splunk's Security Specialist team: Dave Herrald, Ryan Kovar, Steve Brant, Jim Apger, John Stoner, Ken Westin, David Veuve and James Brodsky. They stood up a few lab environments connected to the Internet. Within the environment they had a few Windows endpoints instrumented with the Universal Forwarder and Stream. The forwarders were configured with best practices for Windows endpoint monitoring, including a full Microsoft deployment and best practices for Windows Event logging. The environment included a Palo Alto Networks next-generation to capture traffic and provide web services, and Suricata to provide network-based

Note: This information is from the Advanced Hunting APTs with Splunk app.

BOTSv2 Github: https://github.com//botsv2

It is recommended that you complete the Splunk 101 room before attempting this room.

Room Machine

Before moving forward, deploy the Splunk lab machine.

From the AttackBox, open the Firefox web browser and navigate to the Splunk instance (http://MACHINE_IP:8000).

You may need to refresh the page until Splunk loads; the instance can take up to five minutes to launch.

Answer the questions below
Deployed the lab machine and connected to the website found at MACHINE_IP:8000