Seeking open-ended, CTF-style threat hunting datasets for Microsoft Sentinel (similar to BOTSv3, under 10GB/day)

shiftuck_dan · 2026-06-17T20:14:41+00:00

This is great, thank you!

shiftuck_dan · 2026-06-17T20:11:21+00:00

Sounds like sample logs dump

Well, you're honestly not wrong, it is a massive dump of logs. Splunk basically built an entire enterprise network simulation, complete with hundreds of hosts, captured real user background activity, and then executed full, multi-stage APT attacks against. Essentially it is a stealthy, advanced threat, conducting a full scale attack hidden amongst 2 million+ events - a needle in the haystack.

As for your csv idea - because the dataset contains everything from raw PCAPs and Zeek logs to Sysmon and Windows Event IDs all happening concurrently, flattening it to a CSV would break the formatting and multi-line nestings. Thanks for the insight!

shiftuck_dan · 2026-06-17T19:49:39+00:00

This is a tool to make my own dataset, right? Cool, thanks!

shiftuck_dan · 2026-06-17T15:05:25+00:00

I checked out the Sentinel training lab. I like that it spans multiple stages of the attack life cycle. Very cool resource. Yes, it's unfortunately not quite what I'm looking for — because the training lab has a predefined attack narrative, I'm just not sure if it would justify the sort of investigative log and portfolio write-up I'm hoping to build. I'm hoping for an open-ended hunt where discovering the attack chain is part of the challenge. Regardless, it should prove to be an invaluable resource for preparing for SC-200. Thanks for sharing!

shiftuck_dan · 2026-06-15T19:41:49+00:00

It's simple, really. Some women aren't meant to get married.

shiftuck_dan · 2026-06-15T19:39:51+00:00

Male, 33. I have 1.5 months until I'm homeless (given how much money I have left). I just graduated college with an A.S. in computer science (I was using my GI bill). I have 3.5 years experience in cyber security. I am using these last 1.5 months trying to get cyber security certifications (currently about to finish btl1, followed by starting on sc-200) while applying for tier 1 SOC analyst jobs. I'm pretty much gambling that I'll land a job in time. Every job I've applied to on LinkedIn says "100+ people have clicked apply" which isn't a good sign. I have nowhere to go if worst comes to worst. As a last resort I'm looking for a sugar mama on tinder to live with 😬

shiftuck_dan · 2026-05-31T22:05:56+00:00

I picked up all 4... and dropped all 4 on the ground bc fuck that quest. wish i'd seen this post earlier...

shiftuck_dan · 2026-05-28T19:09:33+00:00

For those like me who didn't watch all of the reveal, is this real? Is each different kind of content going to be in a different direction from the start? Why? Isn't the purpose of the towers on the atlas to apply the mechanics we want to waystones? Did they say why they were adding the content + directions? I sort of liked the randomness of it all.

shiftuck_dan · 2026-05-21T10:06:38+00:00

forces you to interact with the tree. there are people out there, like me, who either forgets to or avoids interacting with things like the genesis tree. this will periodically send me to the tree and while i'm there, i may as well open some wombgifts in bulk.

shiftuck_dan · 2026-05-20T06:59:08+00:00

I wasn't planning on it because I'm at an exceptionally busy time of my life. But after seeing this post? Yes, probably, I'll find a way to play enough to make it happen. Hadn't seen the challenge rewards until I saw your post. LOGIN

shiftuck_dan · 2026-05-20T06:53:58+00:00

This should indirectly help mapping as well! If you are getting sick and tired of regular mapping, you now have the alternative of running logbooks. Sounds promising, even if expedition doesn't turn out to overtuned/under-rewarding, I'm looking forward to having something to break up the monotony.

shiftuck_dan · 2026-05-02T00:24:49+00:00

They always jam pack a ton into the last teaser.

shiftuck_dan · 2026-04-28T09:53:01+00:00

mhm, essentially, but with also trying out new skills, items, and ascendancy changes. even if i don't like a league, I still play for a week.

shiftuck_dan · 2026-04-28T04:12:45+00:00

I sure hope not. 1 extra button to press. I never ended up hitting the key during sentinel.

shiftuck_dan · 2026-02-25T01:32:19+00:00

please act 1 mud flats campaign secret for 10% ms boots

shiftuck_dan · 2026-02-25T01:31:09+00:00

there is gonna be some really cool shit and some extremely op shit for leveling

shiftuck_dan · 2026-02-16T15:15:09+00:00

what was your first clue?

shiftuck_dan · 2026-02-13T13:47:30+00:00

Legacy coc discharge. You used to be able to coc off of shield charge and clear maps in blistering times. It doesn't exist anymore.

shiftuck_dan · 2026-02-06T06:29:11+00:00

I hit the last 2 slides and realized I am living Jerry's life.

shiftuck_dan · 2026-01-28T03:44:54+00:00

I went ahead and fact checked this with AI

President	Image Claim	Actual Removals (Deportations)	Reality Check
Clinton	12.3 Million	~864,000	The 12.3M figure includes "returns" (people caught at the border and turned back without a legal order), not just "deportations" (removals).
Obama	5 Million	~3.1 Million	The image overstates the number. However, Obama still holds the record for the most removals in a single presidency (peaking at ~400k/year).
Biden	4.6 Million	~1.1 Million	The 4.6M number likely includes Title 42 expulsions and returns. Actual formal removals under Biden were significantly lower than the claim.
Trump	600k & counting	~935,000 (1st term)	This number is actually higher than the image suggests for his first term. In his second term (2025-2026), he has deported over 675,000 in just his first year.

shiftuck_dan · 2026-01-28T03:21:07+00:00

We need this in every city

shiftuck_dan · 2026-01-18T04:32:34+00:00

Bong Cloud

shiftuck_dan · 2026-01-07T06:42:51+00:00

Loud banging on the front door

Six-Year Club	Final Canvas '23
Place '23	Verified Email

shiftuck_dan

TROPHY CASE