My progress through the version 1 challenge.
I just want to give credit to those at Splunk involved in making Boss of the SOC version 1. I do not want to spoil anything for those who have not completed the lab, but the storyline is what made me enjoy this one. Click the link to each scenario to follow along with me as I work through the case.
I originally completed the lab on https://bots.splunk.com and then set up a virtual machine using VirtualBox. I used Ubuntu 20.04 LTS and installed the Splunk Enterprise .deb package. I then downloaded the data set from https://github.com/splunk/botsv1; the GitHub page also lists the apps you should install. I extracted the 9.3 GB data set and added it to Splunk. Now we can play with Splunk's SPL queries and work through the case.
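Before starting a scenario it is worth confirming that the data set is actually searchable. The SPL below is an added example of mine, not part of the original write-up or of the BOTS project. It assumes the data landed in an index named `botsv1` (the index name the data set ships with) and that the time picker is set to All time, because the events date from 2016 and will not show up in the default Last 24 hours window.

```spl
| tstats count AS events min(_time) AS first_event max(_time) AS last_event
    WHERE index=botsv1 BY sourcetype
| eval first_event=strftime(first_event, "%Y-%m-%d %H:%M:%S"),
       last_event=strftime(last_event, "%Y-%m-%d %H:%M:%S")
| sort - events
```

Using `tstats` rather than a raw `index=botsv1 | stats ...` search reads the index metadata instead of every event, so it returns in seconds even on a 9.3 GB data set. A sourcetype that is listed in the GitHub README but missing from this output usually means the corresponding add-on was not installed before the data was loaded, or the search head is looking at the wrong time range.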
Click on a scenario to follow along with me.