Name                        Modified     Size      Downloads / Week
README.md                   2025-06-16   2.1 kB
v4.0.0 source code.tar.gz   2025-06-16   20.6 MB
v4.0.0 source code.zip      2025-06-16   20.8 MB
Totals: 3 Items                          41.4 MB   2

Splunk Attack Range v4.0 Release Notes

The Splunk Threat Research Team (STRT) is happy to release v4.0 of the Splunk Attack Range.

Release Blog

Major Changes

  • SnapAttack CapAttack Integration - Added PowerShell capture agent that packages attacks with system logs, keystrokes, PCAP, and video for comprehensive attack analysis
  • GCP Support - Extended cloud platform support to include Google Cloud Platform alongside existing AWS and Azure deployments
  • Automated Splunk Apps Update Through CI/CD - Implemented automatic updates for all integrated Splunk Apps to ensure detection engineers work with current versions
  • Improved Caldera Integration - Enhanced deployment and configuration of MITRE's Caldera adversary emulation platform with better reliability and accessibility
  • Version-Tagged Docker Containers - Introduced specific version tags on DockerHub for greater stability and reproducibility in testing environments
  • Deprecate Splunk Attack Range Local - Discontinued local deployment support due to VirtualBox/Vagrant challenges; recommend Ludus for local range needs

Updates

  • Added CapAttack capture workflow to integrate with SnapAttack data collection
  • Improved Caldera interface reliability with port 8888 access
  • Updated Technical Add-ons (TAs) through automated CI/CD pipeline
  • Fixed various bugs in Caldera integration
  • Added replay file path functionality
  • Improved documentation and configuration guides
Source: README.md, updated 2025-06-16