v4.0.0

@josehelps josehelps released this 01 Jul 19:47

Splunk Attack Range v4.0 Release Notes

The Splunk Threat Research Team (STRT) is happy to release v4.0 of the Splunk Attack Range.

Release Blog

Major Changes

  • SnapAttack CapAttack Integration - Added PowerShell capture agent that packages attacks with system logs, keystrokes, PCAP, and video for comprehensive attack analysis
  • GCP Support - Extended cloud platform support to include Google Cloud Platform alongside existing AWS and Azure deployments
  • Automated Splunk Apps Update Through CI/CD - Implemented automatic updates for all integrated Splunk Apps to ensure detection engineers work with current versions
  • Improved Caldera Integration - Enhanced deployment and configuration of MITRE's Caldera adversary emulation platform with better reliability and accessibility
  • Version-Tagged Docker Containers - Introduced specific version tags on DockerHub for greater stability and reproducibility in testing environments
  • Deprecate Splunk Attack Range Local - Discontinued local deployment support due to VirtualBox/Vagrant challenges; recommend Ludus for local range needs

Updates

  • Added CapAttack capture workflow to integrate with SnapAttack data collection
  • Improved Caldera interface reliability with port 8888 access
  • Updated Technical Add-ons (TAs) through automated CI/CD pipeline
  • Fixed various bugs in Caldera integration
  • Added replay file path functionality
  • Improved documentation and configuration guides