Latest Version 1.1
April 11, 2019
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Boss of the SOC (BOTS) Advanced APT Hunting Companion App for Splunk
If you are interested in a guided learning approach to threat hunting within the APT scenario of BOTSv2, this is the app for you! This app is a companion app used for the Advanced APT Hunting with Splunk workshop and uses the BOTSv2 dataset that was open sourced in April 2019 and is hosted at Splunk.com https://events.splunk.com/BOTS_2_0_datasets.
Built by Splunk Works
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
If you are interested in a guided learning approach to threat hunting within the APT scenario of BOTSv2, this is the app for you! This app is a companion app used for the Advanced APT Hunting with Splunk workshop and uses the BOTSv2 dataset that was open sourced in April 2019 and is hosted at Splunk.com https://events.splunk.com/BOTS_2_0_datasets.
The app resides on Splunk Enterprise and Enterprise Security and provides a set of 13 hunts that build on hypotheses derived from MITRE ATT&CK while providing the user a step by step guided walkthrough of the searches and process to better educate themselves on hunting an adversary like the one emulated in the BOTSv2 data.
Splunk Enterprise Security is not required to use the app but there may be a few searches and dashboards that call ES dashboards. Screenshots are provided in the app as well to see this output.
Categories
Created By
Splunk Works
Contributors
John Stoner
Type
app
Downloads
3,257
Licensing
Splunk Answers
Resources
Log in to report this app listing