Posts

Setting Up a Splunk Testing Environment Using Terraform & GCP

Overview

Have you ever wished you had a fresh ephemeral Splunk instance that you could quickly spin up, run
some tests and then kill it, with maximum speed and minimum cloud costs?

I was working on a customer engagement recently that required me to test a custom developed
Splunk app on a large list of Splunk Universal Forwarder versions and OS distributions (75 distinct host
types in total) that if spun up manually on a cloud provider, would take a long time to set up and tear
down, would be subject to potentially costly “fat-fingering” user errors and would be costly if left up
longer than necessary.

Enter Hashi Terraform to the rescue. The industry-leading infrastructure-as-code tool makes the
standup, setup and teardown of cloud compute nodes simple, speedy and repeatable so that an
environment can be built, a complete set of tests can be run, results received and the test nodes
destroyed in minutes rather than hours.

In this whitepaper, I show how I set up my computer and built the Search Head and Deployment
server, as well as how I set up the many Splunk Universal Forwarders to satisfy the test plan.

Download Whitepaper

Get access to this exciting whitepaper now, by completing the form below.


Looking to expedite your success with Terraform? Click here for more information about our Terraform Professional Service offerings, including:

  • Terraform Implementation
  • Infrastructure Migration using Terraform
  • Implementing Zero Trust Architectures
  • Terraform Operational Assessment
splunk attack range

Save Time and Improve your Security Posture with Splunk Attack Range

The security posture of organizations is one of the most important factors year after year when it comes to defining internal strategies.

“Global cyberattacks increased by 38% in 2022 compared to 2021, with an average of 1168 weekly attacks per organization”

~ Check Point Research

The quote from Check Point Research above illustrates where the future trend of cybersecurity is headed and the challenges that organizations must face. However, anticipating and preparing the system defenses to evade and mitigate these attacks is not an easy task. From defining response and incident strategies to preparing work teams and configuring monitoring systems, it can all be a challenge.

Your core business is not to detect and mitigate security attacks, but is this essential to the achievement of your objectives? Have you ever wondered how you can simulate attacks and detections within a controlled environment to validate the configuration of your detection systems without spending part of your annual security budget? Read on and discover Splunk Attack Range.

What is Splunk Attack Range?

Splunk Attack Range is a tool developed by Splunk Threat Research Team (STRT) to simulate cyber attacks in a controlled environment for the purpose of improving an organization’s security posture. It allows security teams to test and validate their detection and response capabilities against a wide range of attack scenarios and techniques, such as phishing, malware infections, lateral movement, and data exfiltration.

Splunk Attack Range is designed to work with Splunk Enterprise Security, which is a security information and event management (SIEM) solution, and includes pre-built attack scenarios that are aligned with the MITRE ATT&CK framework, these ones can be customized to simulate the specific threats and vulnerabilities that are relevant to an organization’s environment.

splunk attack range

Where can I get Attack Range?

The STRT and the Splunk community are maintaining the project in GitHub.

Is Splunk Attack Range Easy to Deploy?

Yes, it is really straightforward! You can deploy it locally (if you have a powerful machine), on Azure or on AWS. Internally, we use our AWS environment and with a few simple steps, in a matter of minutes, terraform and ansible automatically deploy a complete test lab to validate our customers’ security configurations and optimize the security posture with Splunk’s real-time monitoring. This process allows for a proactive approach to managing security postures with Splunk and saves a lot of time for your Blue Team.

…and now?

Have fun! By merging our Splunk expertise and using these kinds of automation tools, we have been able to speed up our internal testing processes, stay agile and secure with Splunk’s security posture management tool, and transfer this knowledge and configurations on to our customers’ cybersecurity teams.

We strongly encourage you to try this tool. Check out an overview of v1.0, v2.0 and v3.0 in the Splunk blog.


Looking to expedite your success with Splunk Attack Range? Click here to view our Splunk Professional Service offerings.

Splunk Professional Services Partner

© Discovered Intelligence Inc., 2023. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.