forked from splunk/attack_range
-
Notifications
You must be signed in to change notification settings - Fork 0
/
attack_range.conf
273 lines (191 loc) · 8.78 KB
/
attack_range.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
# This file contains possible settings you can use to configure Attack Range
[global]
log_path = attack_range.log
# Sets the log_path for the logging file
log_level = INFO
# Sets the log level for the logging
# Possible values: INFO, ERROR
[range_settings]
key_name = attack-range-key-pair
# Specify the name of the EC2 key pair name
# This is only needed for modes: terraform and packer
ip_whitelist = 0.0.0.0/0
# Specify the IP whitelist for the aws instances
# This is only needed for modes: terraform and packer
private_key_path = ~/.ssh/id_rsa
# Specify the path to your private SSH key
# This is only needed for modes: terraform and packer
region = us-west-2
# Specify the aws region in which you want to build the attack range
# please ensure that aws_cli has the same region specified
# This is only needed for modes: terraform and packer
availability_zone = us-west-2a
# Specify the availability_zone
# The availability_zone needs to fit to your region
# This is only needed for modes: terraform and packer
subnet_cidr = 10.0.0.0/16
# Specify the subnet in which the EC2 instances are created
# The subnet needs to fit to the private IP addresses of the machines
# This is only needed for modes: terraform and packer
[splunk_settings]
splunk_admin_password = I-l1ke-Attack-Range!
# Specify the password for the admin user in Splunk
# It is recommended to change that value
splunk_url = https://download.splunk.com/products/splunk/releases/8.0.2/linux/splunk-8.0.2-a7f645ddaf91-Linux-x86_64.tgz
# Specify the download URL of Splunk Enterprise
splunk_binary = splunk-8.0.2-a7f645ddaf91-Linux-x86_64.tgz
# Specify the name of the Splunk Enterprise executable
s3_bucket_url = https://attack-range-appbinaries.s3-us-west-2.amazonaws.com
# Specify the S3 bucket url from which you want to download the Splunk Apps
splunk_windows_ta = splunk-add-on-for-microsoft-windows_700.tgz
# Specify the Splunk Windows TA
splunk_sysmon_ta = add-on-for-microsoft-sysmon_1030.tgz
# Specify the Splunk Sysmon TA
splunk_cim_app = splunk-common-information-model-cim_4150.tgz
# Specify the Splunk CIM App
splunk_escu_app = DA-ESS-ContentUpdate-latest.tar.gz
# Specify the Splunk ESCU App
splunk_asx_app = Splunk_ASX-latest.tar.gz
# Specify the Splunk ASX App
splunk_python_app = python-for-scientific-computing-for-linux-64-bit_200.tgz
# Specify the Splunk python for scientific computing dependency that is needed by the MLTK app
splunk_mltk_app = splunk-machine-learning-toolkit_510.tgz
# Specify the Splunk MLTK App
splunk_stream_app = splunk-stream_720.tgz
# Specify the Splunk Stream App
splunk_security_essentials_app = splunk-security-essentials_310.tgz
# Specify the Splunk SSE App
punchard_custom_visualization = punchcard-custom-visualization_140.tgz
status_indicator_custom_visualization = status-indicator-custom-visualization_140.tgz
splunk_attack_range_dashboard = splunk_attack_range_reporting.spl
timeline_custom_visualization = timeline-custom-visualization_140.tgz
splunk_bots_dataset = 0
# Installs index=botsv3 dataset respectively on the search head.
# 1 for install bots or 0 to not have it deployed
# For more information please see: https://github.com/splunk/securitydatasets
[phantom_settings]
phantom_community_username = user
# Specify the username needed to login to my.phantom.us to download Phantom
# This must be changed to a real username
# You can register under my.phantom.us
phantom_community_password = password
# Specify the password used to login to my.phantom.us to download Phantom
# This must be changed to a real password
# You can register under my.phantom.us
phantom_admin_password = I-l1ke-Attack-Range!
# Specify the password that will be used to login to the new Phantom instance as admin
# It is recommended that you change this value
phantom_app = phantom-app-for-splunk_305.tgz
[windows_settings]
win_username = Administrator
# Specify the Administrator user in your windows machine
# It is recommended to keep that value as it is
win_password = I-l1ke-Attack-Range!
# Specify the password for the Administrator User in Windows
# It is recommended to change that value
# The default windows password policy must be followed (at least three of uppercase letters, lowercase letters, numbers, and special characters)
splunk_uf_win_url = https://download.splunk.com/products/universalforwarder/releases/8.0.2/windows/splunkforwarder-8.0.2-a7f645ddaf91-x64-release.msi
# Specify the download URL of the Splunk windows universal forwarder
win_sysmon_url = https://attack-range-appbinaries.s3-us-west-2.amazonaws.com/Sysmon.zip
# Specify the download URL of sysmon
win_sysmon_template = SysmonConfig-TSwift.xml
# Specify the sysmon template
# Possible Values: SysmonConfig-moti.xml, SysmonConfig-Neo23x0-server.xml, SysmonConfig-Neo23x0-workstations.xml, SysmonConfig-TSwift.xml, SysmonConfig-Verbose.xml, SysmonConfigCustom.xml
[enterprise_security]
install_es = 0
# Specify whether install Splunk Enterprise Security or not.
# Splunk Enterprise Security is a Splunk Premium App, that's why it needs to be downloaded and stored into apps folder.
# After installing ES, Splunk is available under https://[ip]:8000
# possible values: 1, 0
splunk_es_app = splunk-enterprise-security_611.spl
# Spefify the name of the Splunk Enterprise Security file, which you saved into the apps folder.
[mltk]
install_mltk = 0
# Specify whether install Splunk MLTK or not.
# After installing MLTK, Splunk is available under https://[ip]:8000
# possible values: 1, 0
[dsp]
install_dsp = 0
# specify whether enable DSP output in Splunk or not
dsp_client_cert_path =
# specify the certificate path for the DSP client. A certificate must be generated using the following instructions:
# https://docs.splunk.com/Documentation/DSP/1.1.0/Data/Forwarder#Configure_your_forwarder_to_use_the_client_certificate
# specifically the path to the generated my_forwarder-keys.pem
dsp_node =
# specify a comma delimited list of DSP nodes to forward data to.
# Please verify that your attack_range network can connect to port 30001
[mission_control]
install_mission_control = 0
# specify whether install Mission Control App in Splunk or not
mission_control_app = splunk-connect-for-mission-control-ubuntu-0.0.1181.tgz
# Spefify the name of the Mission Control App for Splunk, which you saved into the apps folder.
[demo]
run_demo = 0
# specify whether run a specific demo or not.
demo_scenario = mission_control_malicious_putty
# Specify the name of the demo you want to run.
[simulation]
art_run_techniques = T1003
# Specify the run technique of atomic_red_team
# You can specify this value either over the command line or in this configuration file. Command line is prioritized over configuration file.
caldera_password = I-l1ke-Attack-Range!
# specify the caldera password for the user: admin
[environment]
# specify your Attack Range environment by enabling (1) or disabling (0) machines
phantom_server = 0
# enable a phantom server
# possible values: 1, 0
windows_domain_controller = 1
# enable a windows domain controller
# possible values: 1, 0
windows_server = 0
# enable a windows server
# possible values: 1, 0
kali_machine = 0
# enable a kali linux machine
# possible values: 1, 0
windows_client = 0
# enable a windows client
# this is only possible for vagrant in the moment
# possible values: 1, 0
[splunk_server]
# customize the splunk server
splunk_server_private_ip = 10.0.1.2
# specify the splunk server's private ip
[phantom_server]
# customize the phantom server
phantom_server_private_ip = 10.0.1.3
# specify the phantom server's private ip
[windows_domain_controller]
# customize the windows domain controller
windows_domain_controller_private_ip = 10.0.1.4
# specify the windows domain controller's private ip
windows_domain_controller_os = Windows_Server-2016-English-Full-Base-*
# specify the windows domain controller operating System
# Currently only Windows_Server_2016 is supported
[windows_server]
# customize the windows server
windows_server_private_ip = 10.0.1.5
# specify the windows server private ip
windows_server_os = Windows_Server-2016-English-Full-Base-*
# specify the windows server operating System
# Currently only Windows_Server_2016 is supported
windows_server_join_domain = 1
# specify if the windows server should join the windows domain
# possible values: 1, 0
[kali_machine]
# customize the kali machine
kali_machine_private_ip = 10.0.1.6
# specify the kali machine private ip
[windows_client]
# customize the windows client
windows_client_private_ip = 10.0.1.7
# specify the windows client private ip
windows_client_os = import-ami-0e5a092cc20dbb992
# specify the windows server operating System
# for mode Vagrant use Windows-10
# for mode terraform specify the ami name
# instructions to upload your own Windows 10 ami can be found in the wiki
windows_client_join_domain = 1
# specify if the windows client should join the windows domain
# possible values: 1, 0