Comparing changes

base repository: splunk/attack_range
base: develop
head repository: gwuniversity/attack_range
compare: develop
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 13 commits
  • 152 files changed
  • 1 contributor

Commits on Sep 4, 2024

  1. 563de83
  2. 2d62d53 merges from develop
     cudgel committed Sep 4, 2024
  3. c85ac2f merges from byo_vpc. move all IPs to config, add ability to install apps from a private s3 bucket, add support for installing Tenable Nessus Agent, Palo Alto Cortex XDR, and Cisco Secure Endpoint. Remove deprecated language. Fix Ansible templates where variable interpolation was failing due to wrong quotes.
     cudgel committed Sep 4, 2024
  4. 6b6c9ae

Commits on Sep 6, 2024

  1. efdac40
  2. ae25ab6 cleanup
     cudgel committed Sep 6, 2024
  3. a935859
  4. b4f36b0 Merge pull request #3 from gwuniversity/mutillidae
     Mutillidae
     cudgel authored Sep 6, 2024
  5. 1fc6fa2
  6. cf0bd29 Merge pull request #4 from gwuniversity/linting
     linting for booleans, fix variable scope for edge processor
     cudgel authored Sep 6, 2024

Commits on Sep 7, 2024

  1. ef4efa0
  2. c59a154 Merge pull request #5 from gwuniversity/windows_ami
     add byo windows ami support and move nessus install to hosts
     cudgel authored Sep 7, 2024

Commits on Sep 26, 2024

  1. e8c1c91
Showing with 7,471 additions and 684 deletions.
  1. +144 −18 configs/attack_range_default.yml
  2. +14 −4 docs/source/Attack_Range_Config.md
  3. +45 −5 docs/source/Attack_Range_Features.md
  4. +23 −35 modules/aws_controller.py
  5. +18 −1 modules/config_handler.py
  6. +8 −0 terraform/ansible/edge_processor.yml
  7. +12 −0 terraform/ansible/httpd_server.yml
  8. +14 −14 terraform/ansible/linux_server.yml
  9. +26 −0 terraform/ansible/roles/awscli/tasks/main.yml
  10. +3 −0 terraform/ansible/roles/awscli/templates/config.j2
  11. +2 −3 terraform/ansible/roles/carbon_black_cloud_logs/tasks/config.yml
  12. +6 −0 terraform/ansible/roles/cisco_amp/tasks/main.yml
  13. +10 −0 terraform/ansible/roles/cisco_amp/tasks/ubuntu.yml
  14. +16 −0 terraform/ansible/roles/cisco_amp/tasks/windows.yml
  15. +1 −2 terraform/ansible/roles/contentctl/tasks/docker.yml
  16. +6 −0 terraform/ansible/roles/cortex_xdr/tasks/main.yml
  17. +31 −0 terraform/ansible/roles/cortex_xdr/tasks/ubuntu.yml
  18. +21 −0 terraform/ansible/roles/cortex_xdr/tasks/windows.yml
  19. +1 −1 terraform/ansible/roles/crowdstrike_falcon_logging/tasks/main.yml
  20. +29 −0 terraform/ansible/roles/edge_processor/tasks/install.yml
  21. +3 −0 terraform/ansible/roles/edge_processor/tasks/main.yml
  22. +3 −0 terraform/ansible/roles/edge_processor/templates/config.j2
  23. +4 −5 terraform/ansible/roles/guacamole/tasks/install_packages.yml
  24. +2 −0 terraform/ansible/roles/httpd_server_post/files/apache/conf-available/aliases.conf
  25. +1 −0 terraform/ansible/roles/httpd_server_post/files/apache/conf/error-pages.conf
  26. +14 −0 terraform/ansible/roles/httpd_server_post/files/apache/conf/headers.conf
  27. +17 −0 terraform/ansible/roles/httpd_server_post/files/apache/error-pages/404.html
  28. BIN terraform/ansible/roles/httpd_server_post/files/apache/error-pages/oops.jpg
  29. +93 −0 terraform/ansible/roles/httpd_server_post/files/apache/sites-available/mutillidae.conf
  30. +8 −0 terraform/ansible/roles/httpd_server_post/handlers/main.yml
  31. +158 −0 terraform/ansible/roles/httpd_server_post/tasks/apps.yml
  32. +48 −0 terraform/ansible/roles/httpd_server_post/tasks/lamp.yml
  33. +58 −0 terraform/ansible/roles/httpd_server_post/tasks/main.yml
  34. +44 −0 terraform/ansible/roles/httpd_server_post/tasks/modsec.yml
  35. +23 −0 terraform/ansible/roles/httpd_server_post/templates/attackrange.j2
  36. +1 −1 terraform/ansible/roles/join_domain/tasks/create.yml
  37. +20 −0 terraform/ansible/roles/linux_agent_prelude/tasks/install.yml
  38. +20 −0 terraform/ansible/roles/linux_agent_prelude/tasks/install_local.yml
  39. +7 −0 terraform/ansible/roles/linux_agent_prelude/tasks/main.yml
  40. +7 −8 terraform/ansible/roles/linux_install_auditd/tasks/install_auditd.yml
  41. +11 −11 terraform/ansible/roles/linux_osquery/tasks/install_osquery_linux.yml
  42. +7 −7 terraform/ansible/roles/linux_server_post/tasks/change_splunk_password.yml
  43. +2 −3 terraform/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml
  44. +5 −5 terraform/ansible/roles/nginx_server_post/tasks/main.yml
  45. +13 −13 terraform/ansible/roles/phantom/tasks/install_phantom_aws.yml
  46. +7 −7 terraform/ansible/roles/phantom/tasks/install_phantom_local.yml
  47. +3 −4 terraform/ansible/roles/phantom_byo_splunk/tasks/config.yml
  48. +19 −0 terraform/ansible/roles/prelude/files/prelude-operator.service
  49. +47 −0 terraform/ansible/roles/prelude/tasks/install.yml
  50. +4 −0 terraform/ansible/roles/prelude/tasks/main.yml
  51. +3 −0 terraform/ansible/roles/prelude/templates/env
  52. +76 −0 terraform/ansible/roles/red_team_tools/tasks/linux.yml
  53. +4 −86 terraform/ansible/roles/red_team_tools/tasks/main.yml
  54. +83 −0 terraform/ansible/roles/red_team_tools/tasks/windows.yml
  55. +18 −19 terraform/ansible/roles/snort/tasks/install_snort.yml
  56. +1 −1 terraform/ansible/roles/splunk_server/handlers/main.yml
  57. +2 −3 terraform/ansible/roles/splunk_server/tasks/configure_dltk.yml
  58. +1 −2 terraform/ansible/roles/splunk_server/tasks/configure_server_conf.yml
  59. +6 −4 terraform/ansible/roles/splunk_server/tasks/install_app_from_s3.yml
  60. +20 −0 terraform/ansible/roles/splunk_server/tasks/install_app_from_url.yml
  61. +9 −11 terraform/ansible/roles/splunk_server/tasks/install_stream_app.yml
  62. +2 −1 terraform/ansible/roles/splunk_server/tasks/main.yml
  63. +3 −3 terraform/ansible/roles/splunk_server/tasks/splunk.yml
  64. +4 −6 terraform/ansible/roles/splunk_server_post/tasks/change_splunk_password.yml
  65. +4 −5 terraform/ansible/roles/splunk_server_post/tasks/install_dltk.yml
  66. +7 −8 terraform/ansible/roles/splunk_server_post/tasks/install_enterprise_security.yml
  67. +1 −2 terraform/ansible/roles/splunk_server_post/tasks/phantom_server_configure.yml
  68. +1 −2 terraform/ansible/roles/splunk_server_post/tasks/phantom_server_configure_local.yml
  69. +6 −0 terraform/ansible/roles/tenable_agent/tasks/main.yml
  70. +15 −0 terraform/ansible/roles/tenable_agent/tasks/ubuntu.yml
  71. +28 −0 terraform/ansible/roles/tenable_agent/tasks/windows.yml
  72. +30 −0 terraform/ansible/roles/windows_agent_prelude/tasks/install.yml
  73. +31 −0 terraform/ansible/roles/windows_agent_prelude/tasks/install_local.yml
  74. +4 −0 terraform/ansible/roles/windows_agent_prelude/tasks/main.yml
  75. +4 −7 terraform/ansible/roles/windows_common/tasks/windows-disable-defender.yml
  76. +2 −3 terraform/ansible/roles/windows_common/tasks/windows-enable-4688-cmd-line-audit.yml
  77. +2 −3 terraform/ansible/roles/windows_common/tasks/windows-enable-ps-logging.yml
  78. +3 −2 terraform/ansible/splunk_server.yml
  79. +1 −1 terraform/ansible/windows.yml
  80. +62 −0 terraform/aws/iam.tf
  81. +8 −0 terraform/aws/locals.tf
  82. +46 −0 terraform/aws/modules/apache/httpd/main.tf
  83. +9 −0 terraform/aws/modules/apache/httpd/outputs.tf
  84. +66 −0 terraform/aws/modules/apache/httpd/resources.tf
  85. +18 −0 terraform/aws/modules/apache/httpd/variables.tf
  86. +9 −0 terraform/aws/modules/bastion_host/outputs.tf
  87. +52 −0 terraform/aws/modules/bastion_host/resources.tf
  88. +4 −0 terraform/aws/modules/bastion_host/variables.tf
  89. +55 −0 terraform/aws/modules/edge_processor/main.tf
  90. +9 −0 terraform/aws/modules/edge_processor/outputs.tf
  91. +67 −0 terraform/aws/modules/edge_processor/resources.tf
  92. +15 −0 terraform/aws/modules/edge_processor/variables.tf
  93. +9 −0 terraform/aws/modules/elb/outputs.tf
  94. +106 −0 terraform/aws/modules/elb/resources.tf
  95. +14 −0 terraform/aws/modules/elb/variables.tf
  96. +40 −0 terraform/aws/modules/elb_security_group/main.tf
  97. +4 −0 terraform/aws/modules/elb_security_group/outputs.tf
  98. +2 −0 terraform/aws/modules/elb_security_group/variables.tf
  99. +771 −0 terraform/aws/modules/firehose/iam.tf
  100. +361 −0 terraform/aws/modules/firehose/locals.tf
  101. +795 −0 terraform/aws/modules/firehose/main.tf
  102. +144 −0 terraform/aws/modules/firehose/outputs.tf
  103. +1,451 −0 terraform/aws/modules/firehose/variables.tf
  104. +16 −10 terraform/aws/modules/kali-server/resources.tf
  105. +0 −6 terraform/aws/modules/kali-server/variable.tf
  106. +6 −0 terraform/aws/modules/kali-server/variables.tf
  107. +15 −13 terraform/aws/modules/linux-server/resources.tf
  108. +0 −10 terraform/aws/modules/linux-server/variable.tf
  109. +11 −0 terraform/aws/modules/linux-server/variables.tf
  110. +2 −4 terraform/aws/modules/network/output.tf
  111. +15 −9 terraform/aws/modules/network/resources.tf
  112. 0 terraform/aws/modules/network/{variable.tf → variables.tf}
  113. +14 −14 terraform/aws/modules/nginx-server/resources.tf
  114. +0 −7 terraform/aws/modules/nginx-server/variable.tf
  115. +7 −0 terraform/aws/modules/nginx-server/variables.tf
  116. +10 −0 terraform/aws/modules/nlb/outputs.tf
  117. +82 −0 terraform/aws/modules/nlb/resources.tf
  118. +15 −0 terraform/aws/modules/nlb/variables.tf
  119. +4 −0 terraform/aws/modules/nlb_security_group/outputs.tf
  120. +40 −0 terraform/aws/modules/nlb_security_group/resources.tf
  121. +2 −0 terraform/aws/modules/nlb_security_group/variables.tf
  122. +13 −12 terraform/aws/modules/phantom-server/resources.tf
  123. +0 −8 terraform/aws/modules/phantom-server/variable.tf
  124. +7 −0 terraform/aws/modules/phantom-server/variables.tf
  125. +4 −0 terraform/aws/modules/route53/outputs.tf
  126. +19 −0 terraform/aws/modules/route53/resources.tf
  127. +17 −0 terraform/aws/modules/route53/variables.tf
  128. +37 −31 terraform/aws/modules/snort-server/resources.tf
  129. +10 −11 terraform/aws/modules/snort-server/variables.tf
  130. +21 −21 terraform/aws/modules/splunk-server/resources.tf
  131. +0 −13 terraform/aws/modules/splunk-server/variable.tf
  132. +14 −0 terraform/aws/modules/splunk-server/variables.tf
  133. +169 −0 terraform/aws/modules/waf-regional/main.tf
  134. +14 −0 terraform/aws/modules/waf-regional/outputs.tf
  135. +135 −0 terraform/aws/modules/waf-regional/variables.tf
  136. +8 −0 terraform/aws/modules/waf-regional/versions.tf
  137. +28 −0 terraform/aws/modules/waf-regional/wafregional_ruleset10_blacklisted_ips.tf
  138. +104 −0 terraform/aws/modules/waf-regional/wafregional_ruleset1_sqli.tf
  139. +43 −0 terraform/aws/modules/waf-regional/wafregional_ruleset2_auth_tokens.tf
  140. +86 −0 terraform/aws/modules/waf-regional/wafregional_ruleset3_xss.tf
  141. +101 −0 terraform/aws/modules/waf-regional/wafregional_ruleset4_lfi_rfi.tf
  142. +52 −0 terraform/aws/modules/waf-regional/wafregional_ruleset5_admin_access.tf
  143. +130 −0 terraform/aws/modules/waf-regional/wafregional_ruleset6_php_insecurities.tf
  144. +62 −0 terraform/aws/modules/waf-regional/wafregional_ruleset7_size_restriction.tf
  145. +137 −0 terraform/aws/modules/waf-regional/wafregional_ruleset8_csrf.tf
  146. +100 −0 terraform/aws/modules/waf-regional/wafregional_ruleset9_ssi.tf
  147. +21 −17 terraform/aws/modules/windows/resources.tf
  148. +10 −10 terraform/aws/modules/windows/variables.tf
  149. +34 −34 terraform/aws/modules/zeek-server/resources.tf
  150. +10 −10 terraform/aws/modules/zeek-server/variables.tf
  151. +189 −77 terraform/aws/resources.tf
  152. +90 −51 terraform/aws/variables.tf
162 changes: 144 additions & 18 deletions configs/attack_range_default.yml
@@ -8,6 +8,8 @@ general:
key_name: "attack-range-key-pair"
# The key name is the name of the AWS key pair and at the same time an unique identifier for Attack Ranges.

name_prefix: "ar"

attack_range_name: "ar"
# Attack range Name let you build multiple Attack Ranges by changing this parameter.

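Review bot: `name_prefix: "ar"` is added to the `general:` block without the explanatory comment every neighbouring key (`key_name`, `attack_range_name`) carries, and it has the same value as `attack_range_name`; say which resources it prefixes and how it differs from `attack_range_name`, otherwise users will not know which one to change when they run several ranges.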
@@ -67,7 +69,23 @@ aws:
# Specify the already created S3 bucket in the same region

tf_remote_state_dynamo_db_table: "test"
# Specify the already created DynamoDB table in the same region
# Specify the already created DynamoDB table in the same region

domain_controller_ip: "10.0.1.20"
network_cidr: "10.0.1.0/24"
create_vpc: "0"
# Enable/disable creation of VPC by setting this to 1 or 0.

first_dynamic_ip: 14
bastion_host_ip: "10.0.1.17"

vpc_id: ""
public_subnet_id: ""
alt_subnet_id: ""
private_subnet_id: ""
# VPC ID and subnet arn for byo vpc in AWS.

windows_ami: ""

azure:
location: "West Europe"
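Review bot: the new defaults in this `aws:` hunk are inconsistent with each other: `create_vpc: "0"` together with `vpc_id: ""` and empty `public_subnet_id`/`private_subnet_id` means a stock deploy neither creates a VPC nor has one to use; either default `create_vpc` to `"1"` or reject an empty `vpc_id`/`public_subnet_id` when `create_vpc` is `"0"`. `first_dynamic_ip: 14` also starts the dynamically assigned range below the static addresses this change introduces (`bastion_host_ip: "10.0.1.17"`, `domain_controller_ip: "10.0.1.20"`, and `kali_server_ip: "10.0.1.18"` further down the file), so dynamic hosts can collide with them; start it above the highest static address or document the reservation. Minor: the comment under `private_subnet_id` says "subnet arn" but the values are subnet IDs, and `alt_subnet_id` and `windows_ami` have no comment at all.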
@@ -97,7 +115,6 @@ local:
# Attack Range Local used Virtualbox and Vagrant to build the Attack Range.

splunk_server:

install_es: "0"
# Enable/Disable Enterprise Security by setting this to 1 or 0.

@@ -107,6 +124,9 @@ splunk_server:
s3_bucket_url: "https://attack-range-appbinaries.s3-us-west-2.amazonaws.com"
# S3 bucket containing the Splunk Apps which will be installed in Attack Range.

s3_bucket_prefix: "attack_range"
# S3 bucket prefix containing the Splunk apps

splunk_url: "https://download.splunk.com/products/splunk/releases/9.3.0/linux/splunk-9.3.0-51ccf43db5bd-Linux-x86_64.tgz"
# Url to download Splunk Enterprise.

@@ -123,8 +143,8 @@ splunk_server:
- cisco-secure-endpoint-formerly-amp-for-endpoints-cim-add-on_212.tgz
- cisco-secure-endpoint-formerly-amp-for-endpoints_300.tgz
- palo-alto-networks-add-on-for-splunk_813.tgz
- punchcard---custom-visualization_150.tgz
- python-for-scientific-computing-(for-linux-64-bit)_421.tgz
- punchcard-custom-visualization_150.tgz
- python-for-scientific-computing-for-linux-64-bit_421.tgz
- snort-alert-for-splunk_111.tgz
- snort-3-json-alerts_105.tgz
- splunk-add-on-for-amazon-web-services-(aws)_770.tgz
@@ -143,11 +163,11 @@ splunk_server:
- splunk-common-information-model-(cim)_532.tgz
- splunk-es-content-update_4400.tgz
- splunk-machine-learning-toolkit_542.tgz
- splunk-sankey-diagram---custom-visualization_160.tgz
- splunk-sankey-diagram-custom-visualization_160.tgz
- splunk-security-essentials_380.tgz
- splunk-timeline---custom-visualization_162.tgz
- splunk-timeline-custom-visualization_162.tgz
- splunk_attack_range_reporting-1.0.9.tar.gz
- status-indicator---custom-visualization_150.tgz
- status-indicator-custom-visualization_150.tgz
- ta-for-zeek_108.tgz
- vmware-carbon-black-cloud_222.tgz
# List of Splunk Apps to install on the Splunk Server
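Review bot: the renames in this and the previous hunk strip `---` and parentheses from the app archive names (`punchcard-custom-visualization_150.tgz`, `splunk-sankey-diagram-custom-visualization_160.tgz`, `status-indicator-custom-visualization_150.tgz`) but leave `splunk-add-on-for-amazon-web-services-(aws)_770.tgz` and `splunk-common-information-model-(cim)_532.tgz` untouched; if the goal is to match objects already in the S3 bucket, confirm those two still exist under the old names, and if the goal is shell- and URL-safe names, rename them too so the list is consistent.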
@@ -162,14 +182,21 @@ splunk_server:
# Ingest BOTS data to Attack Range.

install_dltk: "0"
# Install Deep Learning Toolkit.
# Install Deep Learning Toolkit.

instance_profile_name: ""

role_arn: ""
# Role ARN generated by IAM

splunk_server_ip: "10.0.1.12"

phantom_server:
phantom_server: "0"
# Enable/Disable Phantom Server

phantom_app: "splunk_soar-unpriv-6.2.2.134-8f694086-el8-x86_64.tgz"
# name of the Splunk SOAR package located in apps folder.
# name of the Splunk SOAR package located in apps folder.
# aws: Make sure you use the RHEL 8 version which contains ....el8... in the file name
# azure, local: Make sure you use the RHEL 7 version which contains ....el7... in the file name

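Review bot: `instance_profile_name: ""` and `splunk_server_ip` are added to `splunk_server:` without a comment, while `role_arn` gets one and the sibling `instance_profile_name` keys added under `windows_servers_default` and `linux_servers_default` are documented; since the file list also adds `terraform/aws/iam.tf`, state whether an empty value means the profile is created by that code or must pre-exist, because a missing or over-broad instance profile is the usual way a range host ends up with more AWS permissions than it needs.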
@@ -180,14 +207,16 @@ phantom_server:
# Specify Phantom IP address when you enabled byo phantom

phantom_byo_api_token: ""
# Phantom Api Token
# Phantom Api Token

phantom_server_ip: "10.0.1.13"

windows_servers_default:
hostname: ar-win
# Define the hostname for the Windows Server.

windows_image: "windows-server-2019"
# Name of the image of the Windows Server.
# Name of the image of the Windows Server.
# allowd values: windows-server-2016, windows-server-2019, windows-server-2022

create_domain: "0"
@@ -199,9 +228,6 @@ windows_servers_default:
win_sysmon_config: "SwiftOnSecurity.xml"
# Specify a Sysmon config located under configs/ .

install_red_team_tools: "0"
# Install different read team tools by setting this to 1 or 0.

bad_blood: "0"
# Install Bad Blood by setting this to 1 or 0.
# More information in chapter Bad Blood under Attack Range Features.
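Review bot: this hunk removes `install_red_team_tools` from `windows_servers_default` while the file list adds `terraform/ansible/roles/red_team_tools/tasks/windows.yml` (+83) and the Linux key `install_red_team_tools` under `linux_servers_default` is kept; confirm the Windows toggle is meant to disappear (in which case the new windows.yml must be gated by something else) or restore the key, and note that none of the hunks in `docs/source/Attack_Range_Config.md` in this PR reflect the removal.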
@@ -227,6 +253,9 @@ windows_servers_default:
aurora_agent: "0"
# Install Aurora Agent

instance_profile_name: ""
# Instance profile name generated by IAM

advanced_logging: "0"
# Enable verbose windows security logs by setting this to 1.

@@ -235,7 +264,28 @@ linux_servers_default:
# Define the hostname for the Linux Server.

sysmon_config: "SysMonLinux-CatchAll.xml"
# Specify a Sysmon config located under configs/ .
# Specify a Sysmon config located under configs/ .

install_red_team_tools: "0"
# Install different read team tools by setting this to 1.

install_cortex_xdr: "0"
# Install Cortex XDR agents by setting this to 1.

install_crowdstrike: "0"
# Install CrowdStrike Falcon by setting this to 1.

install_carbon_black: "0"
# Install Carbon Black Cloud by setting this to 1.

install_cisco_amp: "0"
# Install Cisco AMP by setting this to 1.

install_nessus: "0"
# Install Nessus by setting this to 1.

instance_profile_name: ""
# Instance profile name generated by IAM

install_crowdstrike: "0"
# Install CrowdStrike Falcon by setting this to 1.
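Review bot: after this hunk `linux_servers_default` contains `install_crowdstrike: "0"` twice, once in the added block and once in the pre-existing pair at the end of the hunk; strict YAML loaders reject duplicate keys and PyYAML silently keeps the last one, so drop one copy. The added comment on `install_red_team_tools` still reads "read team tools" (the Windows copy with the same typo was deleted in the hunk above), and `install_cisco_amp` describes the product as "Cisco AMP" while the commit message and app list call it Cisco Secure Endpoint; pick one name.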
@@ -246,7 +296,9 @@ linux_servers_default:

kali_server:
kali_server: "0"
# Enable Kali Server by setting this to 1.
# Enable Kali Server by setting this to 1.

kali_server_ip: "10.0.1.18"

nginx_server:
nginx_server: "0"
@@ -259,19 +311,93 @@ nginx_server:
# Specify what ip to proxy.

proxy_server_port: "8000"
# Specify what port to proxy.
# Specify what port to proxy.

nginx_server_ip: "10.0.1.31"

zeek_server:
zeek_server: "0"
# Enable Zeek Server by setting this to 1.

zeek_image: "zeek-v3-0-0"
# Specify the image used for Zeek Server.

zeek_server_ip: "10.0.1.50"

snort_server:
snort_server: "0"
# Enable Snort Server by setting this to 1.

snort_server_ip: "10.0.1.60"

simulation:
atomic_red_team_repo: redcanaryco
# Specify the repository owner for Atomic Red Team.

atomic_red_team_branch: master
# Specify the branch for Atomic Red Team.
# Specify the branch for Atomic Red Team.

prelude: "0"
# Install Prelude by setting this to 1.

prelude_operator_url: "https://download.prelude.org/latest?arch=x64&platform=linux&variant=zip&edition=headless"
# Specify where to download Prelude Operator from.

prelude_account_email: "test@test.com"
# Email account login into a Prelude Operator UI.
# Required for connecting to redirector, can be found on the GUI under connect -> deploy manual redirector -> accountEmail.

edge_processor:
edge_processor: "0"
# Enable Splunk Edge by setting this to 1.

use_nlb: "0"
# Enable/disable usage of Network Load Balancer by setting this to 1 or 0.

splunk_edge_url: ""
# Specify the Splunk Edge URL.

splunk_edge_token: ""
# Specify the Splunk Edge token.

splunk_edge_gid: ""
# The Splunk Edge Processor groupId

splunk_edge_tenant: ""
# Specify the Splunk Edge tenant.

splunk_edge_env: ""
# Specify the Splunk Edge environment.

edge_image: "splunk-edge-v3-0-0"
# Specify the image used for Splunk Edge.

httpd_server:
domain: "www.attackrange.local"
dns_zone: "attackrange.local"
cert_name: ""
httpd_server: "0"
# Enable HTTPD Server by setting this to 1.
use_alb: "0"

httpd_image: "httpd-v3-0-0"
# Specify the image used for HTTPD Server.

install_lamp: "0"
# Install LAMP by setting this to 1.

install_modsec: "0"
# Install ModSecurity by setting this to 1.

install_dvwa: "0"
install_mutillidae: "0"
install_sqli: "0"
# Install vulnerable web applications by setting this to 1.

waf:
waf: "0"
# Enable WAF by setting this to 1.
splunk_hec_endpoint: ""
splunk_hec_endpoint_type: "Raw"
splunk_hec_token: ""
# Specify the Splunk HEC endpoint and token.
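Review bot: `splunk_edge_token`, `splunk_hec_token` and `prelude_account_email` are introduced in the committed default config with no hint that they are secrets or per-user values; since this file is the template users copy and edit, add a comment that the tokens are to be supplied out of band rather than committed, and mark `"test@test.com"` as a placeholder. Under `httpd_server:` the keys `domain`, `dns_zone`, `cert_name` and `use_alb` have no description, unlike every other key in the file, and the shared comment on `install_dvwa`/`install_mutillidae`/`install_sqli` should state that these applications are intentionally vulnerable and that, with `use_alb: "1"`, they become reachable through the load balancer, so `waf: "1"` or a restricted security group is the expected companion setting.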
18 changes: 14 additions & 4 deletions docs/source/Attack_Range_Config.md
@@ -32,8 +32,8 @@ general:
crowdstrike_logs_access_key_id: ""
crowdstrike_logs_secret_access_key: ""
crowdstrike_logs_sqs_url: ""
# All these fields are needed to automatically deploy a CrowdStrike Agent and ingest CrowdStrike Falcon logs into the Splunk Server.
# See the chapter CrowdStrike Falcon in the docs page Attack Range Features.
# All these fields are needed to automatically deploy a Crowdstrike Agent and ingest Crowdstrike Falcon logs into the Splunk Server.
# See the chapter Crowdstrike Falcon in the docs page Attack Range Features.

carbon_black_cloud: "0"
# Enable/Disable VMWare Carbon Black Cloud log forwarding to Splunkby setting this to 1 or 0.
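Review bot: the two comment lines in this hunk appear in both spellings, `CrowdStrike` and `Crowdstrike`; the vendor's spelling is CrowdStrike and the `configs/attack_range_default.yml` hunk in this same PR writes `CrowdStrike Falcon`, so the surviving lines should keep that form. While here, the unchanged context line reads "to Splunkby setting" (missing space).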
@@ -177,7 +177,7 @@ phantom_server:
# Enable/Disable Phantom Server

phantom_app: "splunk_soar-unpriv-6.2.2.134-8f694086-el8-x86_64.tgz"
# name of the Splunk SOAR package located in apps folder.
# name of the Splunk SOAR package located in apps folder.
# aws: Make sure you use the RHEL 8 version which contains ....el8... in the file name
# azure, local: Make sure you use the RHEL 7 version which contains ....el7... in the file name

@@ -195,7 +195,7 @@ windows_servers_default:
# Define the hostname for the Windows Server.

windows_image: "windows-server-2019"
# Name of the image of the Windows Server.
# Name of the image of the Windows Server.
# allowd values: windows-server-2016, windows-server-2019, windows-server-2022

create_domain: "0"
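Review bot: the `windows_image` comment line (and the `phantom_app` one in the previous hunk) renders identically before and after, so this is presumably a whitespace-only change; the `allowd values` typo on the following context line could be fixed in the same pass, and the same typo is present in `configs/attack_range_default.yml` in this PR.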
@@ -283,4 +283,14 @@ simulation:

atomic_red_team_branch: master
# Specify the branch for Atomic Red Team.

prelude: "0"
# Install Prelude by setting this to 1.

prelude_operator_url: "https://download.prelude.org/latest?arch=x64&platform=linux&variant=zip&edition=headless"
# Specify where to download Prelude Operator from.

prelude_account_email: "test@test.com"
# Email account login into a Prelude Operator UI.
# Required for connecting to redirector, can be found on the GUI under connect -> deploy manual redirector -> accountEmail.
````
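Review bot: this docs hunk mirrors only the `simulation:` additions (`prelude`, `prelude_operator_url`, `prelude_account_email`); the whole docs change is 14 additions and 4 deletions, so the other keys this PR adds to `configs/attack_range_default.yml` (the byo-VPC and IP keys under `aws:`, the `install_cortex_xdr`/`install_carbon_black`/`install_cisco_amp`/`install_nessus` toggles, `instance_profile_name`, `edge_processor:`, `httpd_server:`, `waf:`) remain undocumented in `Attack_Range_Config.md`; please add them.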