Using Docker
The Attack Range can also be run from a Docker container. This minimizes the dependencies and packages you would otherwise have to install to build a lab environment for adversary simulation & detection engineering research.
Make sure to only delete the container when your Attack Range environment has been destroyed. You would otherwise lose the terraform state files and would have to delete all the created resources manually.
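One way to check this before removing the container, as an added example that is not part of the Attack Range project: the script reads Terraform state files and reports any managed resources they still track. It assumes the state directory has first been copied out of the container to the host (for example with `docker cp`); the directory layout and the names `tracked_resources` and `safe_to_remove` are assumptions of this example.

```python
import json
import sys
from pathlib import Path


def tracked_resources(state_path):
    """Return addresses of managed resources recorded in one Terraform state file."""
    state = json.loads(Path(state_path).read_text())
    addresses = []
    for res in state.get("resources", []):
        # Skip "data" lookups and entries with no live instances:
        # only managed resources exist in the cloud account.
        if res.get("mode") != "managed" or not res.get("instances"):
            continue
        name = f'{res["type"]}.{res["name"]}'
        module = res.get("module", "")
        addresses.append(f"{module}.{name}" if module else name)
    return addresses


def safe_to_remove(state_dir):
    """Return (ok, leftovers). ok is True only when every *.tfstate file
    under state_dir parses and tracks no managed resources."""
    leftovers = {}
    files = sorted(Path(state_dir).rglob("*.tfstate"))
    if not files:
        # Fail closed: a wrong path must not look like a destroyed range.
        leftovers[str(state_dir)] = ["<no .tfstate file found>"]
    for path in files:
        try:
            found = tracked_resources(path)
        except (ValueError, KeyError, AttributeError, TypeError, OSError) as exc:
            found = [f"<unreadable state: {type(exc).__name__}>"]
        if found:
            leftovers[str(path)] = found
    return (not leftovers, leftovers)


if __name__ == "__main__":
    ok, leftovers = safe_to_remove(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, names in leftovers.items():
        print(f"{path}: {len(names)} item(s), first: {names[0]}")
    print("safe to delete the container" if ok else "do NOT delete the container yet")
    sys.exit(0 if ok else 1)
```

The script exits non-zero when anything is left, so it can gate a `docker rm` in a cleanup script.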
This article describes three different scenarios for using the container.
In the first scenario, we don't pass any settings from our host computer and execute everything from Docker, including creating a configuration file and setting up the cloud provider tokens.
[Host computer]
$ docker pull splunk/attack_range
$ docker run -it splunk/attack_range
[Docker container]
# aws configure ( or az login )
# python attack_range.py configuration
# python attack_range.py build
In the second scenario, we pass an existing Attack Range configuration file from the host computer to the container using Docker volumes. We still need to manually configure the cloud provider tokens to build a range.
[Host computer]
$ docker pull splunk/attack_range
$ docker run -it -v ${PWD}:/attack_range/config splunk/attack_range
[Docker container]
# aws configure ( or az login )
# python attack_range.py --config config/attack_range.conf build
In the last scenario, we pass a local configuration file as well as the existing local cloud provider tokens using Docker volumes.
[Linux computer]
$ docker pull splunk/attack_range
$ docker run -it -v ~/.aws:/root/.aws -v ~/.azure:/root/.azure -v ${PWD}:/attack_range/config splunk/attack_range
[Windows host computer]
$ docker pull splunk/attack_range
$ docker run -it -v ${HOME}\.aws:/root/.aws -v ${HOME}\.azure:/root/.azure -v ${PWD}:/attack_range/config splunk/attack_range
[Docker container]
# python attack_range.py --config config/attack_range.conf show