cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Rumsha
Splunk Employee
Member since: ‎09-21-2022
‎10-26-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-21-2022
View All

Re: Splunk Attack Range: Build, Simulate, Detect

by Splunk Employee in Splunk Tech Talks
‎10-26-2022 02:21 PM
‎10-26-2022 02:21 PM
Questions & Answers from the Splunk Attack Range Tech Talk:   Q.  I manage ES and implement correl searches, including tuning and devising filtering etc. I would like to add a step where I deliberately 'oneshot' an attack dataset relevant to each rule to test that the notable fires. Attack Range looks excessive for this purpose. Is there simpler Splunk app or tool that would help me organize and manage 'oneshot' testing of my implemented correlations? A. I think you could use the replay_attack python script for this purpose. You don't need to build a lab environment with the Attack Range to use the python script. However, you have to make sure that the attack data we have available matches the schema you are using.   Q.  This would probably be a major re-engineering project but what would be the feasibility of "injecting" a backup of your own AD using a local version of the range install vs using the AD that's included with the range?   A.  W e allow folks to bring their own Splunk instance, but never consider a BYO AD instance, if you open a Github issue with this request we can easily triage it and consider it for a future version.     Q.  Is it AWS only, or could one build it in VirtualBox (locally)?   A. version 3.0 now on the repo supports local      https://attack-range.readthedocs.io/en/latest/Attack_Range_Local.html​     Q.   Which one do you prefer, PurpleSharp or ART?   A. I think they serve different purposes. We may use one or the other depending on the requirement. The next demo will give you a better idea     Q.   Looking at this python script, does it essentially perform a 'oneshot' of events into Splunk?   A. Pretty much. It uses the previously generated dataset and uses Splunks API to push the dataset     Visit Splunk Threat Research Team (STRT) to learn more. ... View more

Splunk Attack Range: Build, Simulate, Detect

by Splunk Employee in Splunk Tech Talks
‎10-13-2022 10:53 AM
‎10-13-2022 10:53 AM
  WATCH NOW Can your security teams successfully perform attack simulations to visualize and record attacks?  Splunk Attack Range 2.0 allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk. Watch the Tech Talk,   Splunk Attack Range: Build, Simulate, Detect and join the Splunk Threat Research  Team for a demo of Splunk Attack Range v2.0 and to learn about: How the Splunk Threat Research Team leverages the Splunk Attack Range The newest features available in the Splunk Attack Range v2.0 Future plans for Splunk Attack Range v3.0   Also don’t forget to view all the resources available to continue your Splunk journey: Blogs Introducing Splunk Attack Range v1.0 Introducing Splunk Attack Range v2.0 Simulating, Detecting, and Responding to Log4Shell with Splunk   Resources Splunk Attack Range 2.0  Splunk Security Content     Recommended .conf22 Sessions Home on the Range: Detection Engineering with Splunk Attack Range Linux Threat Detection with Attack Range Purple Teaming - Build, Attack, and Defend Your Organization Sign in and access sessions ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-26-2022 05:41 PM