Releases · splunk/attack_range

v5.0.0

Splunk Attack Range v5

  • UI, API, and CLI options
  • Docker Compose builds
  • Secure access through WireGuard VPN
  • Multi-cloud support: AWS, Azure, GCP
  • Many templates for different Attack Range setups
  • Share Attack Range access with the team

v4.0.2

Changes:

  • Improved Splunk inputs
  • Minor bug fixes

v4.0.1

Changes:

  • Encrypt all EC2 volumes
  • Allow adding default tags

v4.0.0

Splunk Attack Range v4.0 Release Notes

The Splunk Threat Research Team (STRT) is happy to release v4.0 of the Splunk Attack Range.

Release Blog

Major Changes

  • SnapAttack CapAttack Integration - Added PowerShell capture agent that packages attacks with system logs, keystrokes, PCAP, and video for comprehensive attack analysis
  • GCP Support - Extended cloud platform support to include Google Cloud Platform alongside existing AWS and Azure deployments
  • Automated Splunk Apps Update Through CI/CD - Implemented automatic updates for all integrated Splunk Apps to ensure detection engineers work with current versions
  • Improved Caldera Integration - Enhanced deployment and configuration of MITRE's Caldera adversary emulation platform with better reliability and accessibility
  • Version-Tagged Docker Containers - Introduced specific version tags on DockerHub for greater stability and reproducibility in testing environments
  • Deprecate Splunk Attack Range Local - Discontinued local deployment support due to VirtualBox/Vagrant challenges; recommend Ludus for local range needs

Updates

  • Added CapAttack capture workflow to integrate with SnapAttack data collection
  • Improved Caldera interface reliability with port 8888 access
  • Updated Technical Add-ons (TAs) through automated CI/CD pipeline
  • Fixed various bugs in Caldera integration
  • Added replay file path functionality
  • Improved documentation and configuration guides

v3.3.0

Changes:

  • GCP support
  • Deprecate local deployment of Attack Range

v3.2.0

Changes:

  • Add MITRE Caldera
  • Bug fixes

v3.1.1

Changes:

  • Improve Snort logging
  • Integrated Cisco Secure Endpoint

v3.1.0

Changes:

  • Remove Packer to simplify usage
  • Build Snort server and forward alarms to Splunk
  • Auditd logging for Linux server
  • Better Ansible variable handling
  • Bug fixes

v3.0.0

v2.0.0

Merge pull request #629 from splunk/haag_fixes

Spacing and Kali Update