Dragos has teamed with Splunk to develop additional learning opportunities for the ICS community. To enhance OT cybersecurity awareness and capabilities, Dragos is contributing ICS content to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition, which kicks off at the upcoming Splunk.conf19 (October 21 – 24 in Las Vegas).

The ICS dataset contributed by Dragos – which comes from a real brewery control system – will allow you and your industrial cybersecurity team to learn and improve your skills working with real-world data and incidents in a safe and fun way – not to mention the bragging rights!

First conducted in 2016, BOTS is “a blue-team jeopardy-style CTF-esque activity where participants use Splunk – and other tools – to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment.” [1]

For 2019, as Splunk writes in their recent post "Splunk BOTS 4.0: A New Hope", “in the best of Splunk traditions, BOTS will be BIGGER, BOLDER and EVEN MOAR MOAR AWESOME, with exciting new datasets and BOTS education opportunities.” It goes on to delve into the data and challenges that will be presented:

“Every year the BOTS team tries to create data that is new, exciting, and educational for participants. This year is no different. We spent 2019 attending hundreds of hours of security conferences and have brought some of the most interesting adversary techniques that have ever been seen to the BOTS 4.0 dataset. Not only will contestants have the normal Windows endpoint, server, and cloud data, but we will also be challenging you with a brand new ICS/SCADA scenario. That’s right. Frothly is buying a brewery. 🙂 Similar to last year, you will have access to all of Splunk’s security products like Splunk User Behavior Analytics, Splunk Enterprise Security, and Splunk Phantom. In fact, this year we plan to greatly extend the Phantom integration so get ready to play with…umm…playbooks and fix some python!”

If you’re interested in joining in the fun, first register for .conf19, then sign up for BOTS in Las Vegas, and be ready to join the battle on October 21st.

Please note, as they say in their post: “It is critical that each member of your team register for BOTS individually. Your individual registration will not reserve space for your teammates.”

We look forward to seeing what you bring to the BOTS 2019 competition in Las Vegas. Have fun and good luck!

[1] https://www.splunk.com/blog/2017/09/06/what-you-need-to-know-about-boss-of-the-soc.html