Latest Version 1.1
April 11, 2019
Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
This app is archived. App archiving documentation
Boss of the SOC (BOTS) Advanced APT Hunting Companion App for Splunk
If you are interested in a guided learning approach to threat hunting within the APT scenario of BOTSv2, this is the app for you! This app is a companion app used for the Advanced APT Hunting with Splunk workshop and uses the BOTSv2 dataset that was open sourced in April 2019 and is hosted at Splunk.com https://events.splunk.com/BOTS_2_0_datasets.
Built by
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
If you are interested in a guided learning approach to threat hunting within the APT scenario of BOTSv2, this is the app for you! This app is a companion app used for the Advanced APT Hunting with Splunk workshop and uses the BOTSv2 dataset that was open sourced in April 2019 and is hosted at Splunk.com https://events.splunk.com/BOTS_2_0_datasets.
The app resides on Splunk Enterprise and Enterprise Security and provides a set of 13 hunts that build on hypotheses derived from MITRE ATT&CK while providing the user a step by step guided walkthrough of the searches and process to better educate themselves on hunting an adversary like the one emulated in the BOTSv2 data.
Splunk Enterprise Security is not required to use the app but there may be a few searches and dashboards that call ES dashboards. Screenshots are provided in the app as well to see this output.
Categories
Security, Fraud & Compliance
Created By
Splunk Works
Contributors
John Stoner
Type
app
Downloads
3,288
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing