A more negative title I was thinking of using 😒

If you use assumptions and beliefs in Cyber Security Incident Response to make decisions you have failed

Security Incident Response Basics

Most Incident Responders or SOC people are aware of the standard cyber security (or information security) incident response process.

Normally the process follows this basic premise:

  1. Prepare and Plan
  2. Detect and Analyse (triage); for example, an alarm triggers in your SIEM and the SOC analyst needs to assess whether it is a true positive and look for other indicators of compromise
  3. Contain the threat
  4. Eradicate and Recover from the threat
  5. Post Incident Review and Lessons…

A quick guide to get this fantastic project running locally not in AWS.

Project Link: https://github.com/splunk/attack_range

!!!UPDATE!!! Read

This guide no longer works as a step by step guide.

The Splunk Attack Range does not support local installs with vagrant any more. However, the project https://github.com/splunk/attack_range_local/ does so all is well 😉

You can still read this guide to get an understanding of how to install the Attack Range in a VM, what system requirements you need etc. …

Julian Wiegmann

Quality is not an act, it is a habit. I work in Cyber Security so please excuse my pessimism. Find me on twitter
