Splunk have several "Boss of the SOC" datasets, simulating a security incident - think of it as a Blue Team/SIEM-based CTF. This is my write-up for BOTSv3, at the time of writing the most recent dataset available. It seems that Taedonggang, a North Korean group, have attacked Frothly, a beer maker...
The official BOTSv3 page is here: https://github.com/splunk/botsv3
This post can also be found on my website:
https://www.jamesgibbins.com/cybersecurity/articles/botsv3/
Or available as a PDF:
index=botsv3 omitted.
| eventcount index=botsv3: 2,030,269 events
index=botsv3: 2,798,824 events