Security

Specific Splunk Attack Range Resource Specs

branmcd
Observer

Hi all,

I’m planning to deploy the Splunk Attack Range in a cloud-based lab environment, likely in AWS or Azure. I need to provide my team with clear guidance on the resource requirements for provisioning multiple virtual machines or instances as part of the full deployment.

From the documentation I see the Attack Range includes: Splunk Enterprise Server,  Splunk SOAR, Windows Domain Controller, Windows Server, Windows Workstation, Kali Linux, Nginx server, a general-purpose Linux server, Zeek server, and Snort server (IDS).

I’m looking for recommendations on the following:

  1. Compute — vCPU and RAM requirements for each component when deployed on separate VMs. What instance types have worked well in AWS or Azure?

  2. Storage — Minimum and recommended disk space per instance. Are SSD-backed volumes necessary for performance? What IOPS or throughput is required for log-heavy components like Splunk or Zeek?

  3. Deployment tips — Has anyone successfully deployed this in AWS or Azure? Any suggestions on instance sizing, storage configuration, or common bottlenecks when running all components concurrently?

Appreciate any best practices or real-world guidance you can share to help with efficient provisioning.

Thanks in advance!

 

Labels (1)
Tags (1)
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...