Splunk BOTS Docker

This lab has you use Docker to learn Splunk as well as incident response and threat hunting skills. You will need to have Docker installed on your device. Clone the following GitHub repo: Splunk BOTS Docker. Once you have the repo cloned, cd into the directory and run the command docker-compose up bots1 -d, then give it a few minutes while everything spins up.

After about 5 minutes the container should be up and ready. Open your web browser and navigate to http://localhost:8000. The username is admin and the password is changeme.

Once you have completed the exercise, see the village host for the CTF for this exercise.