Hi SecOps Community, I am attempting to reproduce this superb blog post:https://dispatch.thorcollective.com/p/cant-hide-in-3d The blog post is written for Splunk, utilizing the resources here:Code Repository TTB Implementation SPL Code - GitHub TTB_BOTS_v2 GitHub TTB Framework Evolution MITRE TTP-Based Hunting Paper (2019) MITRE's 11 Strategies for a World-Class SOC (2022) MAD20 Course Materials (2024) Splunk Threat Hunter's Cookbook (2025) BOTS v2 Dataset Splunk Boss of the SOC v2 Dataset BOTS v2 Scenario Documentation Technical Implementation Splunk 3D Scatterplot Visualization How can SecOps security engineers utilize datasets like BOTS? How do we utilize 3D scatterplot visualization in Chronicle? I dug through John Stoner’s New to Chronicle series, and David French’s posts, and I’d like to see a practical technical demonstration of these potent threat detection techniques, specifically TTB and utilizing community detection datasets like BOTS.

Usage of 3D Scatterplot Visualization & Time-Terrain-Behavior (TTB)

Hi SecOps Community,

I am attempting to reproduce this superb blog post:

https://dispatch.thorcollective.com/p/cant-hide-in-3d

The blog post is written for Splunk, utilizing the resources here:

How can SecOps security engineers utilize datasets like BOTS?

How do we utilize 3D scatterplot visualization in Chronicle?

I dug through John Stoner’s New to Chronicle series, and David French’s posts, and I’d like to see a practical technical demonstration of these potent threat detection techniques, specifically TTB and utilizing community detection datasets like BOTS.

Be the first to reply!

Code Repository

TTB Framework Evolution

BOTS v2 Dataset

Technical Implementation

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded