Introducing Attack Range v3.0

Security Splunk Threat Research Team
The Splunk Threat Research Team (STRT) is happy to release v3.0 of the Splunk Attack Range.

Splunk Attack Range is an open source project that allows security teams to spin up a detection development environment to emulate adversary behavior and use the generated telemetry data to build detections in Splunk. This blog highlights the new features introduced in version 3.0 to help build resilient, high-quality detections.

Splunk Attack Range

The Splunk Attack Range provides the following capabilities for detection engineering:

What’s New?

Optimized Build Process

We optimized the build time of Attack Range from 30 minutes to 5 minutes by using pre-built images which were generated with the tool Packer. Packer standardizes and automates the process of building Golden images which are templates for virtual machines. Previously, building an Attack Range with a Splunk Server and a Windows Server took around 30 minutes every time. By introducing Packer to pre-build images, the build time of Attack Range is reduced to 5 minutes or less. Generating the pre-built images takes around 20 minutes per server, which only needs to be performed once. Afterwards, you can build Attack Ranges within 5 minutes.

Related Articles

Compliance Essentials for Splunk 2.1.0
Security
8 Minute Read

Compliance Essentials for Splunk 2.1.0

Announcing the latest on Compliance Essentials for Splunk, an essential part of your toolkit to help your organization maintain and monitor your compliance status and cyber resiliency with various frameworks.
The GDPR: Ready for the wakeup call from your Data Privacy Officer?
Security
1 Minute Read

The GDPR: Ready for the wakeup call from your Data Privacy Officer?

How machine data can help organisations prepare for GDPR and support their compliance programmes
Detecting Suspicious ESXi Activity Before Ransomware Happens
Security
11 Minute Read

Detecting Suspicious ESXi Activity Before Ransomware Happens

Learn to detect suspicious activity using Splunk, including log ingestion, common indicators, and comprehensive detection strategies for VMware ESXi environments.