I am currently preparing for the Blue Team Level 1 (BTL1) certification offered by Security Blue Team. It is a 24-hour practical exam that requires the student to run through an entire incident response lifecycle: examining simulated data and reporting how a security breach occurred.
At this time, I have completed the training material and my lab time has expired. While I could purchase additional lab time, I am currently looking for free hands-on training material to brush up my Splunk investigation skills.
I am not advocating that the content here is a legitimate replacement for actual lab time in the vendor's environment. This is just supplemental practice that I have decided to use.
Boss of the SOC v1
This is an interactive Splunk challenge that ships as a virtual machine with the simulated security data already bundled in. The only requirement is that you host the VM, boot it, open the Splunk search console, and get to work.
That said, this challenge was designed for VirtualBox and VMware. I am going to demonstrate how to get it running on Proxmox.
Download the Challenge Files
Unzip and Inspect the Files
Stage the VM
Import and Attach the Disk
# Attach the imported volume to the VM as its first SATA disk.
# Change the VMID (610) and storage pool (local-lvm) as needed;
# this is just an example command.
qm set 610 --sata0 local-lvm:vm-610-disk-0
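Putting the four steps above together, here is an added example script (not from the original post) that performs the whole staging on a Proxmox node: it checks the download's SHA-256 against a hash you supply, unzips it, inspects the disk image with qemu-img before importing anything, creates the VM, imports the disk into the storage pool, and attaches it as sata0 in the same way as the command above. The archive name botsv1.zip, the hash argument, VMID 610, the local-lvm pool, the vmbr0 bridge and the memory/core sizing are all assumptions to adjust for your environment; qm and qemu-img are the standard Proxmox VE tools.

```shell
#!/bin/sh
# Added example: stage the Boss of the SOC v1 VM on Proxmox VE.
# Assumptions (adjust for your environment): archive name, VMID 610,
# storage pool local-lvm, bridge vmbr0, and the memory/core sizing.
set -eu

VMID=610
STORAGE=local-lvm
BRIDGE=vmbr0
ARCHIVE="${1:-botsv1.zip}"   # placeholder name; pass the real download
EXPECTED_SHA256="${2:-}"     # hash published with the download; empty = skip

# Compare a file's SHA-256 with the published value before booting
# anything built from it. Returns non-zero on mismatch.
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Proxmox names an imported volume <storage>:vm-<vmid>-disk-<n>.
# Build that string so the attach step matches what importdisk created.
disk_volume() {
    printf '%s:vm-%s-disk-%s\n' "$1" "$2" "$3"
}

# Return the first .vmdk below a directory (the challenge ships one disk).
find_vmdk() {
    find "$1" -type f -iname '*.vmdk' | head -n 1
}

main() {
    if [ -n "$EXPECTED_SHA256" ]; then
        verify_sha256 "$ARCHIVE" "$EXPECTED_SHA256" || {
            echo "checksum mismatch for $ARCHIVE, refusing to import" >&2
            exit 1
        }
    fi

    # Unzip and inspect: qemu-img shows the format, virtual size and any
    # backing file the image references. A backing file you did not
    # download is a reason to stop and look closer before importing.
    WORK=$(mktemp -d)
    unzip -q "$ARCHIVE" -d "$WORK"
    VMDK=$(find_vmdk "$WORK")
    [ -n "$VMDK" ] || { echo "no .vmdk found in $ARCHIVE" >&2; exit 1; }
    qemu-img info "$VMDK"

    # Stage the VM: an empty definition with no disk yet. 8 GiB / 2 cores
    # is an assumed sizing for a Splunk instance, not a published figure.
    qm create "$VMID" --name botsv1 --memory 8192 --cores 2 \
        --net0 "virtio,bridge=$BRIDGE" --ostype l26

    # Import the disk into the pool (becomes vm-610-disk-0), attach it as
    # sata0 so the guest sees a SATA disk as it did under VMware, then boot.
    qm importdisk "$VMID" "$VMDK" "$STORAGE"
    qm set "$VMID" --sata0 "$(disk_volume "$STORAGE" "$VMID" 0)"
    qm set "$VMID" --boot order=sata0
    qm start "$VMID"
}

# Only run the Proxmox steps on a node that actually has qm; the helper
# functions above can be sourced and exercised anywhere.
if command -v qm >/dev/null 2>&1; then
    main
fi
```

Run it on the Proxmox host as `sh stage-botsv1.sh botsv1.zip <sha256>`. The checksum step is the one worth keeping even if you do everything else by hand: the challenge VM comes from a third party and you are about to give it a bridged network interface, so verify the download before it ever boots, and consider attaching it to an isolated bridge rather than your lab's main one.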