Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for .conf!
Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources. You’ll pivot from Suricata alerts to Zeek® evidence, finding indicators of C2 beaconing, lateral movement, and data exfiltration along the way. Plus, you’ll see how valuable our HTTP, DNS, SSL, and x509 logs (and more) are for common incident response and threat hunting tasks.
We’ve designed the questions in these scenarios to lead you through typical analyst processes, making them interesting to current practitioners, while also approachable to folks who want to break into or advance in the security industry. Hints are available for many of the more challenging questions, but the exercise is designed so that most will be able to complete it within an 90 minutes to three hours. For help getting started, check out the “Intro to Corelight” video in the “Learn” section of the BOTS website.
If you’re ready for the challenge, head over to http://bots.splunk.com, sign in with a (free) Splunk account, and click on the Corelight logo to get started.
Good luck and have fun!
by Ed Smith, Product Marketing Manager, Corelight