-
Notifications
You must be signed in to change notification settings - Fork 357
Using Docker
The Attack Range can also be run from a docker container. This minimizes the dependencies and packages you would otherwise have to install to build a lab environment for adversary simulation & detection engineering research.
This article describes three different scenarios to use the container.
Note: Make sure to only delete the container when your Attack Range environment has been destroyed. You would otherwise lose the terraform state files and would have to delete all the created resources manually.
In the first scenario, we don't pass any settings from our host computer and execute everything from the docker container including creating a configuration file and setting up the cloud provider tokens to build a range.
[Host computer]
$ docker pull splunk/attack_range
$ docker run -it splunk/attack_range
[Docker container]
# aws configure ( or az login )
# python attack_range.py configure
# python attack_range.py build
In this scenario, we pass an existing Attack Range configuration file from the host computer to the container using docker volumes. We still need to configure the cloud provider tokens to build a range manually.
[Host computer]
$ docker pull splunk/attack_range
$ docker run -it -v ${PWD}:/attack_range/config splunk/attack_range
[Docker container]
# aws configure ( or az login )
# python attack_range.py --config config/attack_range.yml build
In the last scenario, we pass a local configuration file, the existing local cloud provider tokens (Aws or Azure), and the local SSH keys using docker volumes to build a range.
[*nix host computer and AWS]
$ docker pull splunk/attack_range
$ docker run -it -v ~/.aws:/root/.aws -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range
[*nix host computer and Azure]
$ docker pull splunk/attack_range
$ docker run -it -v ~/.azure:/root/.azure -v ~/.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range
[Windows host computer and AWS]
$ docker pull splunk/attack_range
$ docker run -it -v ${HOME}\.aws:/root/.aws -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range
[Windows host computer and Azure]
$ docker pull splunk/attack_range
$ docker run -it -v ${HOME}\.azure:/root/.azure -v ${HOME}\.ssh:/root/.ssh -v ${PWD}:/attack_range/config splunk/attack_range
[Docker container]
# python attack_range.py --config config/attack_range.yml build