Study up on Okta Logs for Splunk’s Boss of the SOC!

John Murphy and Laremy Legel

Okta Security is pleased to announce another collaboration with our friends at Splunk - our security teams have joined forces to come up with a range of Okta-relevant scenarios for this year’s “Boss of the SOC” competition at Splunk .conf23.

Per Splunk,

“Boss of the SOC (BOTS) is a blue-team capture the flag-esque competition. As a contestant, you will explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security. The questions in BOTS range from easy to hard and everything in between. Every question comes with hints to nudge you in the right direction. If you need more help, coaches are onsite and online to assist when the hints run out. Also — don't forget — BOTS is a team sport, so if you bring your crew, you won't be alone.”

This means that events from the Okta System Log will be relevant to several challenges. While the Okta Security team doesn’t have first-hand knowledge of what the challenges will include (Splunk keeps that close to their chest), we can suggest a few resources to get a better handle on Okta System Log:

We’d also like to invite you, in either your physical or virtual form, to view “SEC1747B - If You Give an Adversary a Cookie…”, where Okta’s Matt Egan and Splunk’s James Brodsky will showcase our shared detections as well as insights from our “Boss of the SOC” collaboration.

We wish all participants the best of luck!

PS - Did you know Okta Log Streaming is now globally available? Log Streaming enables admins to more easily and securely send System Log events to Amazon EventBridge or Splunk Cloud in real time with simple, pre-built connectors. No Admin API token required!

John Murphy
Manager, Defensive Cyber Operations (EMEA)

John leads the EMEA node of Okta's Detection and Response Engineering team.

His team develops detections and supplementary automations to protect Okta from threat actors, which in turn inform our rotational response and threat hunting missions.

Laremy Legel
Senior Manager, Security Communications

Prior to joining Okta recently as a Senior Communications Manager, Laremy Legel worked for Amazon Web Services (AWS). Upon joining AWS in 2014, he delivered communications on topics such as Zero Trust, Defense in Depth, Confidential Computing, and global privacy regulations. After bringing two services to market (AWS Artifact and Amazon Macie), Laremy transitioned to assist the CISO of AWS and co-founded the first dedicated cloud security conference, AWS re:Inforce, in 2019.