Name | Modified | Size | Downloads / Week |
---|---|---|---|
README.md | 2025-06-16 | 2.1 kB | |
v4.0.0 source code.tar.gz | 2025-06-16 | 20.6 MB | |
v4.0.0 source code.zip | 2025-06-16 | 20.8 MB | |
Totals: 3 Items | | 41.4 MB | 2 |

Splunk Attack Range v4.0 Release Notes
The Splunk Threat Research Team (STRT) is happy to release v4.0 of the Splunk Attack Range.
Release Blog
Major Changes
- SnapAttack CapAttack Integration - Added PowerShell capture agent that packages attacks with system logs, keystrokes, PCAP, and video for comprehensive attack analysis
- GCP Support - Extended cloud platform support to include Google Cloud Platform alongside existing AWS and Azure deployments
- Automated Splunk Apps Update Through CI/CD - Implemented automatic updates for all integrated Splunk Apps to ensure detection engineers work with current versions
- Improved Caldera Integration - Enhanced deployment and configuration of MITRE's Caldera adversary emulation platform with better reliability and accessibility
- Version-Tagged Docker Containers - Introduced specific version tags on DockerHub for greater stability and reproducibility in testing environments
- Deprecate Splunk Attack Range Local - Discontinued local deployment support due to VirtualBox/Vagrant challenges; recommend Ludus for local range needs
Updates
- Added CapAttack capture workflow to integrate with SnapAttack data collection
- Improved Caldera interface reliability with port 8888 access
- Updated Technical Add-ons (TAs) through automated CI/CD pipeline
- Fixed various bugs in Caldera integration
- Added replay file path functionality
- Improved documentation and configuration guides