Specific Splunk Attack Range Resource Specs

branmcd
Observer

Hi all,

I’m planning to deploy the Splunk Attack Range in a cloud-based lab environment, likely in AWS or Azure. I need to provide my team with clear guidance on the resource requirements for provisioning multiple virtual machines or instances as part of the full deployment.

From the documentation I see the Attack Range includes: Splunk Enterprise Server, Splunk SOAR, Windows Domain Controller, Windows Server, Windows Workstation, Kali Linux, Nginx server, a general-purpose Linux server, Zeek server, and Snort server (IDS).

I’m looking for recommendations on the following:

  1. Compute — vCPU and RAM requirements for each component when deployed on separate VMs. What instance types have worked well in AWS or Azure?

  2. Storage — Minimum and recommended disk space per instance. Are SSD-backed volumes necessary for performance? What IOPS or throughput is required for log-heavy components like Splunk or Zeek?

  3. Deployment tips — Has anyone successfully deployed this in AWS or Azure? Any suggestions on instance sizing, storage configuration, or common bottlenecks when running all components concurrently?

Appreciate any best practices or real-world guidance you can share to help with efficient provisioning.

Thanks in advance!
