Splunk Boss of the SOC – Nordic Challenge

Are you part of the best group of Security Analysts in the Nordics? Are your threat hunters familiar with Splunk? Do you want to test your skills against other incident responders? mnemonic and Splunk have organized Boss of the SOC Nordics where you and your team can prove what you’re made of!

What is Boss of the SOC?

Boss of the SOC (BOTS) is a Capture the Flag-esque (CTF) competition that is played in teams of up to four players and hosted by Splunk and mnemonic. The game features contestants playing the role of a SOC Security Analyst. Participants are challenged to answer questions about security-related scenarios. Some are easy. Some are hard. Contestants will use their own laptop (OS doesn't matter as long as it can load Splunk in its browser) to access the online BOTS environment. The event will be held virtually using Zoom.


That’s right! For the first time ever, you’ll be able to test your skills against the best security teams throughout the Nordics. Bragging rights and national pride are at stake!

The scenario

You will role play as the quirky Security Analyst "Alice Bluebird," who is helping Frothly, a thriving home brewing supply company. Thanks to Alice, Frothly continues to thrive in spite of constant nation-state attacks and has big plans to innovate and expand, which they’ll quickly learn comes with a whole new set of challenges.

Alice must continue to expand her knowledge of cloud, as well as on-premises windows/Linux hosts, firewalls and even ICS/SCADA data all while building a team to improve and streamline Frothly’s defenses. Contestants will pivot through realistic data using Splunk’s analytics-driven security platform and the wild, wild web. All this while racing the clock to identify the who, how and where through a full forensic investigation.

This BOTS will leverage the BOTS v4.0 dataset launched at Splunk .conf 2019.

Who should attend?

Security analysts, threat hunters, incident responders or anyone with some security experience or who wants to learn. A working understanding of basic Splunk search functionality will help, but you don’t need to be a Splunk expert.

What you need
A computer with any browser and Internet connection
Audio/video (mic, speakers, camera is optional but encouraged to really get into the competition spirit)

Login details for the BOTS platform and Zoom meeting details will be emailed to you before the event.

Team size
A team of 2 to 4 is ideal, but solo contestants are welcome as well. Teams can also have members from different companies. 

Registering solo and want to be on a team? Let us know and we’ll try to find a team for you.

Benefits of your team entering this competition:

  • Practice security skills in a fun environment for free
  • Go through a live investigation and learn how you can improve your speed of investigations
  • Meet and exchange ideas with peers about threat hunting tactics


Boss of the SOC competition

Award ceremony & wrap-up


Email the following information to

  • Team name
  • Nordic country you’re representing (multi-country teams are welcome)
  • Team members (up to 4) – name, company, email address and phone number

By registering for the event you accept mnemonic’s privacy policy. Your submitted contact information will be shared with Splunk.

Registration info above. Registration closes Friday June 12th at 10:00 CEST/GMT+2.