Startup-style traction can happen inside a big company. At Splunk it happened to a group of entrepreneurially minded sales engineers with a game they invented called Boss of the SOC (BOTS). BOTS is a reverse capture-the-flag style game. Instead of the usual capture-the-flag objective of hacking a system to capture digital flags, participants are presented with a system that has already been hacked, and they use Splunk security tools to do forensic analysis and uncover what sensitive information has been accessed, when it was accessed, and the digital fingerprints left behind by the attackers.
The sales engineering team had built the original game with a mix of Splunk applications that presented quiz-like questions to players, and spreadsheets that tracked how each team was doing. Given that each Splunk instance running the game had to be set up and managed separately, the operational overhead of running an event was preventing the team from scaling BOTS to meet customer demand.
Splunk asked Kelsus to rebuild the game as an always-on SaaS solution that could manage teams of players, upcoming events, the multiple-choice questions, and scoring.
Kelsus solutions architects worked with the head of the sales engineering team from BOTS to build a serverless web application on AWS from the ground up. For a system like this, which experiences intermittent high traffic during Splunk conferences when thousands of people around the world are playing the game at once, serverless is a perfect fit.
When we started the project, the biggest operational burden for the sales engineering team was team creation and management. Using agile principles to prioritize our work, the Kelsus team spent six weeks building a self-service team management system for players to let them sign up, create teams, join teams, leave teams, and invite others to teams.
With that small win under our belts, the Kelsus team proceeded to add features like event management (in this case big Splunk conferences during which people play BOTS), question management and presentation for the game itself, and scoring.
Kelsus and Splunk have continued to develop BOTS for nearly two years. We have added features that have reduced the operational burden of running a BOTS event to the point where the Splunk team can run many more events per year. We have even added a self-service, always-on version of the game.
- Solution integrates deeply with Splunk software: not only do players use Splunk to do their forensic analysis as part of the game, but as they play, everything is logged to Splunk where data engineers can learn participation analytics like time spent vs. correct answers on questions.
- Serverless architecture is very cost effective. When usage is low between events, infrastructure costs are near $0.
- Existing fans of the BOTS game noticed and loved the newly designed and polished system. Overall player numbers increased via positive word of mouth.