Study up on Okta Logs for Splunk’s Boss of the SOC!
Okta Security is pleased to announce another collaboration with our friends at Splunk - our security teams have joined forces to come up with a range of Okta-relevant scenarios for this year’s “Boss of the SOC” competition at Splunk .conf23.
Per Splunk,
“Boss of the SOC (BOTS) is a blue-team capture the flag-esque competition. As a contestant, you will explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security. The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite and online to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.”
This means that events from the Okta System Log will be relevant to several challenges. While the Okta Security team doesn’t have first-hand knowledge of what the challenges will include (Splunk keeps that close to their chest), we can suggest a few resources for getting a better handle on the Okta System Log and the events it records:
Okta's Event Type Reference docs at developer.okta.com
Blog post: User Sign-in and Recovery Events in Okta System Log
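To make those references concrete, here is an added example, written for this page rather than taken from Okta's or Splunk's code (and not one of the BOTS challenges), that runs two sign-in detections over a handful of constructed Okta System Log events: a password spray (one source IP failing against many accounts in a short span) and a successful sign-in that follows a run of failures from the same IP. The event shape (`eventType`, `published`, `actor.alternateId`, `client.ipAddress`, `outcome.result`, `outcome.reason`) and the `user.session.start` / `user.account.update_password` event types follow the Event Type Reference linked above; the IP addresses, users, timestamps and thresholds are all made up.

```python
"""Two sign-in detections run over constructed Okta System Log events.

The events below are constructed for this example, not real tenant data, and
carry only the fields the detections read. Field names follow the Okta System
Log schema (eventType, published, actor.alternateId, client.ipAddress,
outcome.result, outcome.reason); event type names come from the Event Type
Reference. Thresholds and window sizes are illustrative, not Okta guidance.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _event(published, event_type, user, ip, result, reason=None):
    """Build a minimal System Log event dict (constructed sample data)."""
    return {
        "published": published,
        "eventType": event_type,
        "actor": {"type": "User", "alternateId": user},
        "client": {"ipAddress": ip},
        "outcome": {"result": result, "reason": reason},
    }


ATTACKER_IP = "203.0.113.7"  # documentation address range, constructed
OFFICE_IP = "198.51.100.4"   # documentation address range, constructed

SAMPLE_EVENTS = [
    _event("2023-07-10T09:55:00.000Z", "user.session.start", "bob@example.com", OFFICE_IP, "SUCCESS"),
    # One source IP tries five different accounts in under a minute: a password spray.
    _event("2023-07-10T10:00:00.000Z", "user.session.start", "alice@example.com", ATTACKER_IP, "FAILURE", "INVALID_CREDENTIALS"),
    _event("2023-07-10T10:00:10.000Z", "user.session.start", "bob@example.com", ATTACKER_IP, "FAILURE", "INVALID_CREDENTIALS"),
    _event("2023-07-10T10:00:20.000Z", "user.session.start", "carol@example.com", ATTACKER_IP, "FAILURE", "INVALID_CREDENTIALS"),
    _event("2023-07-10T10:00:30.000Z", "user.session.start", "dave@example.com", ATTACKER_IP, "FAILURE", "INVALID_CREDENTIALS"),
    _event("2023-07-10T10:00:40.000Z", "user.session.start", "erin@example.com", ATTACKER_IP, "FAILURE", "INVALID_CREDENTIALS"),
    # ...then gets in as erin and changes the password from the same IP.
    _event("2023-07-10T10:01:00.000Z", "user.session.start", "erin@example.com", ATTACKER_IP, "SUCCESS"),
    _event("2023-07-10T10:02:00.000Z", "user.account.update_password", "erin@example.com", ATTACKER_IP, "SUCCESS"),
    # A lone typo from the office is noise and must not fire either detection.
    _event("2023-07-10T10:03:00.000Z", "user.session.start", "frank@example.com", OFFICE_IP, "FAILURE", "INVALID_CREDENTIALS"),
]


def parse_published(ts):
    """Parse the System Log 'published' timestamp (ISO 8601, UTC, millisecond precision)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def sign_in_events(events):
    """Sign-in attempts in time order; user.session.start is the event Okta logs for them."""
    return sorted((e for e in events if e["eventType"] == "user.session.start"),
                  key=lambda e: parse_published(e["published"]))


def detect_password_spray(events, window=timedelta(minutes=5), min_users=5):
    """Map source IP -> sorted distinct users when that IP failed to sign in as at
    least min_users different accounts inside any span of length window."""
    failures = defaultdict(list)  # ip -> [(timestamp, user)], time-ordered
    for e in sign_in_events(events):
        if e["outcome"]["result"] == "FAILURE":
            failures[e["client"]["ipAddress"]].append(
                (parse_published(e["published"]), e["actor"]["alternateId"]))
    hits = {}
    for ip, rows in failures.items():
        for i, (start, _) in enumerate(rows):  # slide the window over each failure
            users = {u for t, u in rows[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits


def detect_success_after_failures(events, window=timedelta(minutes=10), min_failures=3):
    """List successful sign-ins preceded, within window and from the same IP, by at
    least min_failures failed sign-ins against any account (brute force or spray payoff)."""
    logins = sign_in_events(events)
    hits = []
    for i, e in enumerate(logins):
        if e["outcome"]["result"] != "SUCCESS":
            continue
        ip, ts = e["client"]["ipAddress"], parse_published(e["published"])
        prior = [p for p in logins[:i]
                 if p["outcome"]["result"] == "FAILURE"
                 and p["client"]["ipAddress"] == ip
                 and ts - parse_published(p["published"]) <= window]
        if len(prior) >= min_failures:
            hits.append({"user": e["actor"]["alternateId"], "ip": ip, "prior_failures": len(prior)})
    return hits


if __name__ == "__main__":
    print("password spray:", detect_password_spray(SAMPLE_EVENTS))
    print("success after failures:", detect_success_after_failures(SAMPLE_EVENTS))
```

Run as-is, the first check reports the five accounts tried from 203.0.113.7 and the second reports erin's successful sign-in with five prior failures from that IP; the lone failure from the office address fires neither. In Splunk the first check is roughly `eventType="user.session.start" outcome.result=FAILURE | stats dc(actor.alternateId) AS users BY client.ipAddress | where users >= 5`, assuming the events are indexed with the nested JSON keys flattened to dotted field names; tune the window and thresholds to your own tenant's baseline, and remember that a real investigation would pivot from the hit to the follow-on events (the password change here, MFA enrolment, session and token activity) rather than stopping at the sign-in.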
We’d also like to invite you, in either your physical or virtual form, to view “SEC1747B - If You Give an Adversary a Cookie…”, where Okta’s Matt Egan and Splunk’s James Brodsky will showcase our shared detections as well as insights from our “Boss of the SOC” collaboration.
We wish all participants the best of luck!
PS - Did you know Okta Log Streaming is now globally available? Log Streaming enables admins to more easily and securely send System Log events to Amazon EventBridge or Splunk Cloud in real time with simple, pre-built connectors. No Admin API token required!