Splunk Attack Range is an open-source platform that allows security teams to quickly build instrumented environments, simulate attacks, and forward the data into Splunk for detection development. This powerful framework helps organizations streamline multiple facets of the attack cycle, enabling faster response and more effective defense mechanisms.

In this session, we'll explore practical implementations of Splunk Attack Range and demonstrate how your security team can leverage it to develop and validate detections before deployment.

Topics we'll cover include:

- Setting up Attack Range to create environments that closely resemble production

- Generating realistic attack data using engines like Atomic Red Team

- Latest features in Splunk Attack Range v3.1, including Snort integration and Auditd logging

- Developing and testing effective detection content using simulated attack data

- Building comprehensive detections across endpoint, network, and cloud domains

Agenda:

- 3:30 PM - Meet and Greet

- 4:00 PM - Presentation and Live Demonstrations

   - Attack Range setup and configuration

   - Executing simulated attacks

   - Building detections with the generated data

- 5:00 PM - Q&A and Networking at Muldoon's

Whether you're a SOC analyst, detection engineer, or security leader, this session will provide valuable insights into improving your detection capabilities through practical simulation and testing.