Splunk Attack Range Description
The Splunk Attack Range project is now officially at v1.0. We are proud to have reached this milestone, and we reflect on how we got there, the features we've created for v1.0, and what the future holds for Splunk Attack Range. The Attack Range is a platform for detection development that addresses three major challenges in detection engineering. First, the user can quickly set up a small lab infrastructure that is as close to a production environment as possible. Second, the Attack Range runs attack simulations using different engines such as Caldera or Atomic Red Team to generate real attack data. Third, since it is built as a CLI, it integrates seamlessly into any continuous integration/continuous delivery (CI/CD) pipeline to automate the detection rule testing process. It was easy to create a replicable environment that was close to production in just a few minutes, which allowed us to easily repeat and test many attacks.