
Splunk Attack Range
#Security Testing#Offensive Security
Understanding the Splunk Attack Range
The Splunk Attack Range is an open-source project actively maintained by the Splunk Threat Research Team.
It builds instrumented environments both in the cloud and locally, simulates attack scenarios against them, and forwards the resulting telemetry to a Splunk instance.
That environment can then be used to develop detections and to test whether they actually fire against the simulated attacks.
Purpose
The Attack Range is a detection development platform that addresses three main challenges in detection engineering.
Building a Realistic Lab Quickly
It lets users stand up a small lab infrastructure in minutes that resembles a production environment as closely as possible.
Simulating Attacks for Real Data
It runs attack simulations through engines such as Atomic Red Team or Caldera, so the telemetry used for detection testing is real attack data rather than hand-crafted events.
Seamless Integration into CI/CD Pipelines
It integrates into any Continuous Integration / Continuous Delivery (CI/CD) pipeline, so detection rule testing can run automatically on every change.
Installation
Using Docker: Attack Range in AWS
To begin, use the following commands to pull and run the Docker image for the Attack Range:
1. Pull the Docker image:
```
docker pull splunk/attack_range
```
2. Run the Docker container interactively:
```
docker run -it splunk/attack_range
```
3. Configure AWS:
```
aws configure
```
4. Finally, run the configuration script:
```
python attack_range.py configure
```
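Steps 2 through 4 leave the AWS credentials and the generated attack_range.yml inside an anonymous container, which is easy to lose once that container exits. The wrapper below is an added example, not part of the Attack Range project: it checks the prerequisites, names the container so a later `docker start -ai` resumes the same session with its configuration intact, and mounts the host's ~/.aws read-only so `aws configure` inside the container becomes unnecessary. The image name and the `attack_range.py configure` step come from the page; the container name `attack_range`, the helper function names, and the assumption that the container process runs as root (so the mount target is /root/.aws) are mine.

```shell
#!/bin/sh
# Added example (not the Attack Range project's own code): wrap the Docker
# install so AWS credentials and the generated config survive container exits.
# Assumption: the container runs as root, so the host ~/.aws maps to /root/.aws.
set -eu

IMAGE="splunk/attack_range"

# True when AWS credentials are available to the AWS CLI, either as the
# standard environment variables or as the shared credentials file.
ar_has_aws_creds() {
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -f "${HOME}/.aws/credentials" ]
}

# Fail early with a readable reason instead of a confusing error from inside
# the container. Returns 0 only when every prerequisite is present.
ar_preflight() {
    rc=0
    if ! command -v docker >/dev/null 2>&1; then
        echo "missing: docker binary on PATH" >&2
        rc=1
    fi
    if ! ar_has_aws_creds; then
        echo "missing: AWS credentials (env vars or ~/.aws/credentials)" >&2
        rc=1
    fi
    return "$rc"
}

# Build (but do not run) the docker command. Naming the container, and not
# passing --rm, keeps it around after exit; mounting ~/.aws read-only lets the
# AWS CLI inside the container pick up host credentials without 'aws configure'
# and without leaking secrets through 'docker inspect' as -e flags would.
ar_docker_cmd() {
    name="$1"
    printf 'docker run -it --name %s -v %s/.aws:/root/.aws:ro %s\n' \
        "$name" "$HOME" "$IMAGE"
}

# Resume the stopped, already configured container in a later session.
ar_resume_cmd() {
    printf 'docker start -ai %s\n' "$1"
}

# Only touch Docker when explicitly asked, e.g.  AR_RUN=1 sh attack_range_docker.sh
# Inside the container the remaining step is:  python attack_range.py configure
if [ "${AR_RUN:-0}" = "1" ]; then
    ar_preflight
    docker pull "$IMAGE"
    eval "$(ar_docker_cmd attack_range)"
fi
```

After the first session, `docker start -ai attack_range` (the string `ar_resume_cmd attack_range` prints) drops you back into the same container, so `python attack_range.py configure` does not have to be repeated. Treat the mounted credentials like any other long-lived AWS key: scope them to the account the lab is allowed to create resources in.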
If you prefer to install directly on Linux or macOS, follow the project's native installation instructions instead of the Docker steps above.
Architecture
The deployment of Attack Range consists of:
Windows