Splunk BOTSv3 Write-Up

Splunk have several “Boss of the SOC” datasets, simulating a security incident - think of it as a Blue Team/SIEM-based CTF. This is my write-up for BOTSv3, at the time of writing the most recent dataset available. It seems that Taedonggang, a North Korean group, have attacked Frothly, a beer maker… The official BOTSv3 page is here: https://github.com/splunk/botsv3 I wrote this on Notion, and it is best viewed there, as it is always up-to-date and is visually best. See it here: