Splunk Enterprise Security

This is a question about preparing BOTS Day.

mal4ensics
Explorer

Hello.
I am a Korean university student studying Digital Forensics (incident Response).

I want to study splunk and participate in BOTS Day.
I think it will be a process to become a security expert.

However, "https://www.splunk.com/en_us/blog/security/boss-of-the-soc-2-0-dataset-questions-and-answers-open-so..." seems to require the Enterprise version to handle dataset for BOTS Day.

"https://www.splunk.com/en_us/download/get-started-with-your-free-trial.html" states that the Enterprise version is only available for 60 days.

Do I have to purchase the Enterprise version to prepare for BOTS Day?
Can't I prepare for BOTS Day and get good results with Splunk Phantom Free Community Edition?

Thank you.

0 Karma

wmyersas
Builder

You can use the full edition of Splunk for 60 days for free

When is the BOTS Day?

Just install Splunk less than 60 days before BOTS Day

0 Karma

mal4ensics
Explorer

But i need to practice with dataset. I need a much longer period than 60 days 😞

0 Karma

wmyersas
Builder

So ... Install Splunk, load the dataset, and play with it

If it doesn't continue to work after the install flips to free mode in 60 days, remove Splunk, reinstall, and reload the dataset

0 Karma

mal4ensics
Explorer

Thank you 🙂

richgalloway
SplunkTrust
SplunkTrust

Based on my last BOTS experience, you do not need Phantom or Splunk Enterprise Security to prepare for BOTS Day. Nor do you need to purchase Splunk as the free version should be enough.

Consider downloading the BOSS of the SOC (BOTS) Advanced APT Hunting Companion App for Splunk (https://splunkbase.splunk.com/app/4430/) as a study guide.

---
If this reply helps you, Karma would be appreciated.
0 Karma

mal4ensics
Explorer

Thank You.

Happy new year !

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...