A Splunk App for Attack Range Reporting. Provides dashboards for insights on your attack range simulations.
The Splunk Attack Range repo can be found here
It is a Splunk app whose dashboards give a Splunk Attack Range user a better view of which simulations were run, the relevant security content from other Splunk apps, and an overview of the available Atomic Red tests.
v1.0.x of the app is compatible with the following:
- Splunk 8.x.x
- Splunk Analytic Story execution v1.0
- Splunk Security Content v1.0.x
- Splunk Security Essentials v3.1.x
This application has the following dependencies:
- Punchcard - Custom Visualization
- Splunk Security Essentials v3.x.x
- Status Indicator - Custom Visualization
- Sankey Diagram - Custom Visualization
- Parallel Coordinates - Custom Visualization
- Treemap - Custom Visualization
Note: If a prerequisite visualization is missing, the application falls back to hiding every panel that relies on it.
The Main dashboard gives you an overview of the simulations run, users, hosts, MITRE ATT&CK tactics and techniques, tests executed and potential mapping with analytic stories.
The second dashboard (Navigator) shows all the available Atomic Red tests and their potential mappings to security content. The reason we categorize those as "potential" is because the mapping is simply made based on the MITRE technique/subtechnique referenced in the test and the security content. This does not necessarily mean that a specific Atomic Red Test will trigger a particular detection. This is where you should read more on what ATT&CK is all about and how the Splunk Security Content maps to it. :)
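As an added illustration (not the app's own code or searches), the following Python reproduces the "potential" mapping rule on constructed sample data: a test and a detection are linked only when they cite the same ATT&CK technique ID, and optionally a sub-technique test is also linked to a detection tagged with just the parent technique. The test names, detection names and technique IDs below are constructed examples.

```python
import re
from collections import defaultdict

# ATT&CK technique IDs look like T1059 (technique) or T1059.001 (sub-technique).
TECH_RE = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample: Atomic Red Team tests and the technique(s) they reference.
ATOMIC_TESTS = [
    {"name": "PowerShell download cradle", "techniques": ["T1059.001"]},
    {"name": "Scheduled task via schtasks", "techniques": ["T1053.005"]},
    {"name": "Network share discovery", "techniques": ["T1135"]},
]

# Constructed sample: detections and the technique(s) they are tagged with.
DETECTIONS = [
    {"name": "Suspicious PowerShell encoded command", "techniques": ["T1059.001"]},
    {"name": "Command and scripting interpreter activity", "techniques": ["T1059"]},
    {"name": "Scheduled task creation", "techniques": ["T1053.005", "T1053"]},
]


def parent_technique(tid):
    """Return the parent of a sub-technique (T1059.001 -> T1059); a technique maps to itself."""
    if not TECH_RE.match(tid):
        raise ValueError(f"not an ATT&CK technique id: {tid}")
    return tid.split(".")[0]


def potential_mappings(tests, detections, include_parent=True):
    """Map each test name to the sorted names of detections sharing a technique ID.

    With include_parent=True a sub-technique test also matches a detection tagged
    only with the parent technique, which is a broader and weaker relationship.
    Sharing an ID says nothing about whether running the test fires the detection.
    """
    by_technique = defaultdict(set)
    for det in detections:
        for tid in det["techniques"]:
            by_technique[tid].add(det["name"])
    result = {}
    for test in tests:
        matches = set()
        for tid in test["techniques"]:
            matches |= by_technique.get(tid, set())
            if include_parent:
                matches |= by_technique.get(parent_technique(tid), set())
        result[test["name"]] = sorted(matches)
    return result
```

A test with no technique shared by any detection (the discovery test above) yields an empty list, which is exactly the gap the Navigator dashboard is meant to surface.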
The third dashboard lets you search for potential Splunk Security Content detections and Atomic Red tests, or check PurpleSharp support, for one or more MITRE ATT&CK techniques or sub-techniques.
Finally, there is a dashboard built with Splunk Dashboards - Beta, which looks nice but is still in beta!