
Using Docker

mvelazco edited this page Mar 23, 2021 · 16 revisions

The Attack Range can also be run from a docker container. This minimizes the dependencies and packages you would otherwise have to install to build a lab environment for adversary simulation & detection engineering research.

This article describes three scenarios for using the container.

Note: Delete the container only after your Attack Range environment has been destroyed. Otherwise you lose the Terraform state files and have to delete all the created resources manually.
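One way to check this before removing a container is sketched below. It is an added example, not part of Attack Range. It assumes you have copied the container's working tree to the host (for instance with `docker cp`), that the state is stored there as local `terraform.tfstate` files in the Terraform v4 JSON format, and the function names are hypothetical.

```python
import json
import os
import tempfile


def live_resources(root):
    """Map each terraform.tfstate under root to its tracked resource count.

    -1 means the file could not be read as a v4 state; treat it as not safe.
    """
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # terraform.tfstate.backup holds the pre-destroy state: skip it.
            if not name.endswith(".tfstate"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    found[path] = len(json.load(fh)["resources"])
            except (OSError, ValueError, KeyError, TypeError):
                found[path] = -1
    return found


def safe_to_delete(root):
    """True only if state files were found and none tracks a resource."""
    counts = live_resources(root)
    return bool(counts) and all(n == 0 for n in counts.values())


if __name__ == "__main__":
    # Constructed sample: one state file that still tracks an instance.
    with tempfile.TemporaryDirectory() as copy:
        state = {"version": 4, "resources": [{"type": "aws_instance"}]}
        with open(os.path.join(copy, "terraform.tfstate"), "w") as fh:
            json.dump(state, fh)
        print(safe_to_delete(copy))   # built range
        state["resources"] = []
        with open(os.path.join(copy, "terraform.tfstate"), "w") as fh:
            json.dump(state, fh)
        print(safe_to_delete(copy))   # destroyed range
```

The check fails closed: a directory with no state file, or with a state file it cannot parse, is reported as not safe to delete.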

Scenario 1: Docker Standalone

In the first scenario, we don't pass any settings from our host computer and execute everything from the docker container including creating a configuration file and setting up the cloud provider tokens to build a range.

[Host computer]
$ docker pull splunkresearch/attack_range
$ docker run -it splunkresearch/attack_range

[Docker container]
# aws configure ( or az login )
# python attack_range.py configuration
# python attack_range.py build

Scenario 2: Bring your own configuration

In this scenario, we pass an existing Attack Range configuration file from the host computer to the container using docker volumes. We still need to manually configure the cloud provider tokens to build a range.

[Host computer]
$ docker pull splunkresearch/attack_range
$ docker run -it -v ${PWD}:/attack_range/config splunkresearch/attack_range

[Docker container]
# aws configure ( or az login )
# python attack_range.py --config config/attack_range.conf build

Scenario 3: Bring your own configuration, access tokens & SSH keys

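In the last scenario, we pass a local configuration file, the existing local cloud provider tokens (AWS or Azure) and the local SSH keys using docker volumes to build a range. These mounts expose the full contents of the mounted credential and SSH directories to the container.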

[*nix host computer and AWS]
$ docker pull splunkresearch/attack_range
$ docker run -it -v ~/.aws:/root/.aws -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunkresearch/attack_range

[*nix host computer and Azure]
$ docker pull splunkresearch/attack_range
$ docker run -it -v ~/.azure:/root/.azure -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunkresearch/attack_range

[Windows host computer and AWS]
$ docker pull splunkresearch/attack_range
$ docker run -it -v ${HOME}\.aws:/root/.aws -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunkresearch/attack_range

[Windows host computer and Azure]
$ docker pull splunkresearch/attack_range
$ docker run -it -v ${HOME}\.azure:/root/.azure -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunkresearch/attack_range

[Docker container]
# python attack_range.py --config config/attack_range.conf build