Attack Range Docs

The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud and local environments, simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections.

The Attack Range is a detection development platform, which solves three main challenges in detection engineering:

• The user is able to quickly build a small lab infrastructure as close as possible to a production environment.

• The Attack Range performs attack simulation using different engines such as Atomic Red Team or Caldera in order to generate real attack data.

• It integrates seamlessly into any Continuous Integration / Continuous Delivery (CI/CD) pipeline to automate the detection rule testing process.

Contents:

• Attack Range AWS
  • Docker
  • MacOS
  • Linux
  • Windows
• Attack Range Azure
  • Docker
  • MacOS
  • Linux
  • Windows
• Attack Range Local
  • MacOS
  • Linux
• Attack Range Cloud
  • AWS CloudTrail
  • Azure Logs
• Control Attack Range
  • Build
  • Destroy
  • Stop
  • Resume
  • Show
• Attack Range Config
  • attack_range.yml
  • attack_range_default.yml
• Attack Simulation
  • Atomic Red Team
  • Purple Sharp
  • Prelude
  • Kali Linux
• Attack Data
  • Dump Attack Data
  • Replay Attack Data
• Attack Range Features
  • Fast build time with Packer
  • CrowdStrike Falcon
  • VMWare Carbon Black Cloud
  • BadBlood
  • Guacamole
• Cost Explorer
  • AWS
  • Azure