Deployment guide

1. Run Docker container

       docker run -it mihhailsokolov/purplesar

2. Copy Splunk Enterprise Security into the container (in a separate window)

   Get container ID:

       docker ps

   Copy ES SPL file into /PurpleSAR/apps/ inside the container:

       docker cp .\splunk-enterprise-security_732.spl <CONTAINER_ID>:/PurpleSAR/apps/

3. Configure AWS credentials

   - Set the API Key ID
   - Set the Secret Key
   - Set region to us-east-1
   - Keep output format empty

       aws configure

4. Configure attack range deployment

       python attack_range.py configure

5. Start the deployment

       python attack_range.py build

6. Put billh credentials on ITSERVER

   - Once the deployment is done, go to Guacamole and log in to the DC
   - RDP into ITSERVER (10.0.1.15) as billh
     - Username: ATTACKRANGE\billh
     - Password: PurpleSAR2024!
   - Disconnect (NOT Sign Out) from the RDP sessions