Splunk Attack Range is an open-source detection development platform maintained by the Splunk Threat Research Team that builds instrumented cloud and local environments for security testing. The platform addresses three main challenges in detection engineering by providing infrastructure deployment capabilities, attack simulation functionality, and CI/CD integration for automated testing. Key features include: - Quick deployment of lab infrastructure that mimics production environments - Attack simulation using engines like Atomic Red Team and Caldera to generate realistic attack data - Seamless integration with CI/CD pipelines for automated detection rule testing - Support for both cloud (AWS) and local deployments - Docker containerization for easy deployment and management The tool forwards simulated attack data into Splunk instances, enabling security teams to develop and test the effectiveness of their detection rules in controlled environments. It supports Windows-based attack scenarios and provides comprehensive documentation for implementation and usage.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.