| | attack_range | botsv3 |
|---|---|---|
| Mentions | 12 | 15 |
| Stars | 1,965 | 216 |
| Growth | 2.3% | 0.0% |
| Activity | 7.7 | 0.0 |
| Last commit | 13 days ago | almost 4 years ago |
| Language | Jinja | |
| License | Apache License 2.0 | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
attack_range
-
Splunk core certification
My advice… Don’t rush. Study the material and get a good understanding of the fundamentals. Each certification builds on the previous ones. If Splunk is a path you want to pursue, build those fundamentals. Put in the reps in a lab. Download BOTS, attack range data sets. Take a look at Splunk & Machine Learning YouTube channel. His videos are fantastic and he maintains a GitHub repo so you can use the datasets to practice what you learned on the video.
- Is there any repository for sample raw audit logs for various software platforms?
- Need to set up AD lab for practicing...
-
Dataset I can test IDS/IPS tools against?
Somewhat related, but if you’re using splunk, you could use Splunk Attack Range which simulates attacks.
- learning splunk. is there a way to "play" with it?
-
Introducing Splunk Attack Range v2.0
Hey, I think you are looking at an older repo for the local attack_range, which we have not maintained. The current Splunk Attack Range lives here: https://github.com/splunk/attack_range/
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
-
Terraform and Ansible
This is a project I've contributed to at work. It's designed to launch & configure a lab environment for security researchers, but that's not too important. It has a python CLI that takes a configuration file. That config file determines what bits of Terraform and ansible are executed. The Terraform builds instances in AWS (or Azure) and all the associated bits, and then calls the ansible playbook to provision that type of host.
-
Cool security project using Splunk?
Attack range: https://github.com/splunk/attack_range
-
How-to build detection scenarios properly?
Have a look at Splunk's Attack Range project, which automates Caldera and Atomic Red Team for these kinds of purposes. I think this might help you as you gauge visibility, rulesets, etc.: https://github.com/splunk/attack_range
botsv3
-
Splunk core certification
I haven't had much time to work on a BoTSv3 (Boss of the SOC Version 3) guide yet, but the GitHub guide for it should do the trick. I prefer video guides, but the README on GitHub is decent. At a high-level, you will need to install Splunk, install the needed apps+add-on, and finally install the dataset. Here is the GitHub repo for the dataset: https://github.com/splunk/botsv3
-
What project ideas are there for a cybersecurity homelab?
Once you have splunk installed and running, you can start ingesting data from your environment, such as your firewall or other machines/services you're working with. There are lots of supported add-ons and guides online to help you with ingesting data. If you don't have data to ingest but still want to play around with performing investigations in Splunk, I would check out Boss of the SOC. It contains a large data set as well as necessary add-ons and apps for you to start playing around. Here is a link to the GitHub repo: https://github.com/splunk/botsv3
- Is there any repository for sample raw audit logs for various software platforms?
- Boss of SOC v3 questions and answers .csv files
-
Time line to each cert
And if you really have nothing you can download a BOTS dataset https://github.com/splunk/botsv3
-
Suggestions for a Beginner
Also, BOTS (Boss of the SOC). Here is v3:
- Auto generated data for Observability training
- At my wits end - please help! BOSS OF THE SOC!
-
Paid Security Platforms
Look through the BOTS datasets. See if you can configure threat hunting reports/dashboards on your SIEM platforms based off of SIGMA rules or ATT&CK technique hypotheses. Follow Florian Roth, Samir Bousseaden, the Rodriguez brothers and Olaf Hartong on Twitter, watch all their talks and go through their various GitHub projects.
-
Analytics with SIEM - Training
You can start with Boss of the SOC (BOTS). There are 3 datasets and walkthroughs; you just need to install the free community version of Splunk on any hypervisor. The advantage is that it's free.
What are some alternatives?
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
botsv2 - Splunk Boss of the SOC version 2 dataset.
red_team_attack_lab - Red Team Attack Lab for TTP testing & research
botsv1
BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
ELK_local_config - .yml files for faster local config
awesome-emulators-simulators - A curated list of software emulators and simulators of PCs, home computers, mainframes, consoles, robots and much more...
attack_range_local - Build an attack range on your local machine
fakernet - A framework for quickly creating internet-like services for labs, exercises, and research.
Awesome-Cybersecurity-Datasets - A curated list of amazingly awesome Cybersecurity datasets
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.