This app is archived.
If you are interested in a guided learning approach to threat hunting within the APT scenario of BOTSv2, this is the app for you. It is a companion app for the Advanced APT Hunting with Splunk workshop and uses the BOTSv2 dataset, which was open sourced in April 2019 and is hosted at Splunk.com (https://events.splunk.com/BOTS_2_0_datasets). The app runs on Splunk Enterprise and Splunk Enterprise Security and provides a set of 13 hunts, each built on a hypothesis derived from MITRE ATT&CK, with a step-by-step guided walkthrough of the searches and the process, so that users can learn how to hunt an adversary like the one emulated in the BOTSv2 data. Splunk Enterprise Security is not required to use the app, but a few searches and dashboards call ES dashboards; screenshots of that output are included in the app.