splunk
diff --git a/‎README.md
Lines changed: 2 additions & 0 deletions b/‎README.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎attack_range.py
Lines changed: 157 additions & 76 deletions b/‎attack_range.py
Lines changed: 157 additions & 76 deletions
diff --git a/‎configs/attack_range_default.yml
Lines changed: 0 additions & 4 deletions b/‎configs/attack_range_default.yml
Lines changed: 0 additions & 4 deletions
@@ -8,6 +8,8 @@
     <a href="https://github.com/splunk/attack_range/stargazers">
         <img src="https://img.shields.io/github/stars/splunk/attack_range?style=social" /></a>
 </p>
+> [!IMPORTANT]  
+> After careful consideration, we have decided to deprecate the local deployment in Attack Range due to ongoing challenges with VirtualBox and Vagrant. We will concentrate our development efforts on the cloud providers AWS, Azure, and GCP (coming soon). For local cyber range needs, we recommend using Ludus along with the Attack Range environment it offers.
 
 # Splunk Attack Range ⚔️
 ![Attack Range Log](docs/attack_range.png)
 
@@ -9,12 +9,13 @@
 
 # need to set this ENV var due to a OSX High Sierra forking bug
 # see this discussion for more details: https://github.com/ansible/ansible/issues/34056#issuecomment-352862252
-os.environ['OBJC_DISABLE_INITIALIZE_FORK_SAFETY'] = 'YES'
+os.environ["OBJC_DISABLE_INITIALIZE_FORK_SAFETY"] = "YES"
 
 
 def init(args):
     config_path = args.config
-    print("""                   
+    print(
+        """                   
                               __
                             .d$$b
                           .' TO$;\\
@@ -44,110 +45,146 @@ def init(args):
 
 By: Splunk Threat Research Team [STRT] - research@splunk.com
 
-    """)
+    """
+    )
 
     # parse config
     config = ConfigHandler.read_config(config_path)
     ConfigHandler.validate_config(config)
 
-    if config['general']['cloud_provider'] == 'aws':
-        config.pop('azure')
-        config.pop('local')
+    if config["general"]["cloud_provider"] == "aws":
+        config.pop("azure")
         controller = AwsController(config)
-    elif config['general']['cloud_provider'] == 'azure':
-        config.pop('aws')
-        config.pop('local')
+    elif config["general"]["cloud_provider"] == "azure":
+        config.pop("aws")
         controller = AzureController(config)
-    elif config['general']['cloud_provider'] == 'local':
-        from modules.vagrant_controller import VagrantController
-        config.pop('azure')
-        config.pop('aws')
-        controller = VagrantController(config)
-    
+
     return controller
 
 
 def simulate(args):
     controller = init(args)
     controller.simulate(args.engine, args.target, args.technique, args.playbook)
 
+
 def dump(args):
     controller = init(args)
     controller.dump(args.file_name, args.search, args.earliest, args.latest)
 
+
 def replay(args):
     controller = init(args)
     controller.replay(args.file_name, args.index, args.sourcetype, args.source)
 
+
 def build(args):
     controller = init(args)
     controller.build()
 
+
 def destroy(args):
     controller = init(args)
     controller.destroy()
 
+
 def stop(args):
     controller = init(args)
-    instance_ids = [id.strip() for id in args.instance_ids.split(',')] if args.instance_ids else None
+    instance_ids = (
+        [id.strip() for id in args.instance_ids.split(",")]
+        if args.instance_ids
+        else None
+    )
     controller.stop(instance_ids)
-    
+
+
 def resume(args):
     controller = init(args)
-    instance_ids = [id.strip() for id in args.instance_ids.split(',')] if args.instance_ids else None
+    instance_ids = (
+        [id.strip() for id in args.instance_ids.split(",")]
+        if args.instance_ids
+        else None
+    )
     controller.resume(instance_ids)
 
-def packer(args):
-    controller = init(args)
-    controller.packer(args.image_name)
 
 def configure(args):
     configuration.new(args.config)
 
+
 def show(args):
     controller = init(args)
     controller.show()
 
+
 def create_remote_backend(args):
     controller = init(args)
     controller.create_remote_backend(args.backend_name)
 
+
 def delete_remote_backend(args):
     controller = init(args)
     controller.delete_remote_backend(args.backend_name)
 
+
 def init_remote_backend(args):
     controller = init(args)
     controller.init_remote_backend(args.backend_name)
 
+
 def main(args):
     """
     main function parses the arguments passed to the script and calls the respctive method.
 
     :param args: Arguments passed by the user on command line while calling the script.
-    :return: returns the output of the function called.     
+    :return: returns the output of the function called.
     """
     # grab arguments
     parser = argparse.ArgumentParser(
-        description="Use `attack_range.py action -h` to get help with any Attack Range action")
-    parser.add_argument("-c", "--config", required=False, default="attack_range.yml",
-                        help="path to the configuration file of the attack range")
+        description="Use `attack_range.py action -h` to get help with any Attack Range action"
+    )
+    parser.add_argument(
+        "-c",
+        "--config",
+        required=False,
+        default="attack_range.yml",
+        help="path to the configuration file of the attack range",
+    )
     parser.set_defaults(func=lambda _: parser.print_help())
 
     actions_parser = parser.add_subparsers(title="attack Range actions", dest="action")
-    configure_parser = actions_parser.add_parser("configure", help="configure a new attack range")
-    build_parser = actions_parser.add_parser("build", help="builds attack range instances")
-    simulate_parser = actions_parser.add_parser("simulate", help="simulates attack techniques")
-    destroy_parser = actions_parser.add_parser("destroy", help="destroy attack range instances")
+    configure_parser = actions_parser.add_parser(
+        "configure", help="configure a new attack range"
+    )
+    build_parser = actions_parser.add_parser(
+        "build", help="builds attack range instances"
+    )
+    simulate_parser = actions_parser.add_parser(
+        "simulate", help="simulates attack techniques"
+    )
+    destroy_parser = actions_parser.add_parser(
+        "destroy", help="destroy attack range instances"
+    )
     stop_parser = actions_parser.add_parser("stop", help="stops attack range instances")
-    resume_parser = actions_parser.add_parser("resume", help="resumes previously stopped attack range instances")
+    resume_parser = actions_parser.add_parser(
+        "resume", help="resumes previously stopped attack range instances"
+    )
     packer_parser = actions_parser.add_parser("packer", help="create golden images")
     show_parser = actions_parser.add_parser("show", help="list machines")
-    dump_parser = actions_parser.add_parser("dump", help="dump locally logs from attack range instances")
-    replay_parser = actions_parser.add_parser("replay", help="replay dumps into the splunk server")
-    create_remote_backend_parser = actions_parser.add_parser("create_remote_backend", help="Create a Remote Backend")
-    delete_remote_backend_parser = actions_parser.add_parser("delete_remote_backend", help="Delete a Remote Backend")
-    init_remote_backend_parser = actions_parser.add_parser("init_remote_backend", help="Init a Remote Backend")
+    dump_parser = actions_parser.add_parser(
+        "dump", help="dump locally logs from attack range instances"
+    )
+    replay_parser = actions_parser.add_parser(
+        "replay", help="replay dumps into the splunk server"
+    )
+    create_remote_backend_parser = actions_parser.add_parser(
+        "create_remote_backend", help="Create a Remote Backend"
+    )
+    delete_remote_backend_parser = actions_parser.add_parser(
+        "delete_remote_backend", help="Delete a Remote Backend"
+    )
+    init_remote_backend_parser = actions_parser.add_parser(
+        "init_remote_backend", help="Init a Remote Backend"
+    )
 
     # Build arguments
     build_parser.set_defaults(func=build)
@@ -157,73 +194,117 @@ def main(args):
 
     # Stop arguments
     stop_parser.set_defaults(func=stop)
-    stop_parser.add_argument("--instance_ids", required=False, type=str, help="comma-separated list of instance IDs to stop")
+    stop_parser.add_argument(
+        "--instance_ids",
+        required=False,
+        type=str,
+        help="comma-separated list of instance IDs to stop",
+    )
 
     # Resume arguments
     resume_parser.set_defaults(func=resume)
-    resume_parser.add_argument("--instance_ids", required=False, type=str, help="comma-separated list of instance IDs to resume")
-
-    # Packer agruments
-    packer_parser.add_argument("-in", "--image_name", required=True, type=str,
-                                    help="provide image name such as splunk, linux, windows-2016, windows-2019, nginx, windows-10, windows-11")
-    packer_parser.set_defaults(func=packer)
+    resume_parser.add_argument(
+        "--instance_ids",
+        required=False,
+        type=str,
+        help="comma-separated list of instance IDs to resume",
+    )
 
     # Configure arguments
-    configure_parser.add_argument("-c", "--config", required=False, type=str, default='attack_range.yml',
-                                    help="provide path to write configuration to")
+    configure_parser.add_argument(
+        "-c",
+        "--config",
+        required=False,
+        type=str,
+        default="attack_range.yml",
+        help="provide path to write configuration to",
+    )
     configure_parser.set_defaults(func=configure)
 
     # Simulation arguments
-    simulate_parser.add_argument("-e", "--engine", required=False, default="ART",
-                                 help="simulation engine to use. Available options are: PurpleSharp and ART (default)")
-    simulate_parser.add_argument("-t", "--target", required=True,
-                                 help="target for attack simulation. Use the name of the aws EC2 name")
-    simulate_parser.add_argument("-te", "--technique", required=False, type=str, default="",
-                                 help="comma delimited list of MITRE ATT&CK technique ID to simulate in the "
-                                      "attack_range, example: T1117, T1118")
-    simulate_parser.add_argument("-p", "--playbook", required=False, type=str, default="",
-                                 help="file path for a simulation playbook")
+    simulate_parser.add_argument(
+        "-e",
+        "--engine",
+        required=False,
+        default="ART",
+        help="simulation engine to use. Available options are: PurpleSharp and ART (default)",
+    )
+    simulate_parser.add_argument(
+        "-t",
+        "--target",
+        required=True,
+        help="target for attack simulation. Use the name of the aws EC2 name",
+    )
+    simulate_parser.add_argument(
+        "-te",
+        "--technique",
+        required=False,
+        type=str,
+        default="",
+        help="comma delimited list of MITRE ATT&CK technique ID to simulate in the "
+        "attack_range, example: T1117, T1118",
+    )
+    simulate_parser.add_argument(
+        "-p",
+        "--playbook",
+        required=False,
+        type=str,
+        default="",
+        help="file path for a simulation playbook",
+    )
 
     simulate_parser.set_defaults(func=simulate)
 
     # Dump  Arguments
-    dump_parser.add_argument("-fn", "--file_name", required=True,
-                               help="file name of the attack_data")
-    dump_parser.add_argument("--search", required=True,
-                             help="splunk search to export")
-    dump_parser.add_argument("--earliest", required=True,
-                             help="earliest time of the splunk search")
-    dump_parser.add_argument("--latest", required=False, default="now",
-                             help="latest time of the splunk search")
+    dump_parser.add_argument(
+        "-fn", "--file_name", required=True, help="file name of the attack_data"
+    )
+    dump_parser.add_argument("--search", required=True, help="splunk search to export")
+    dump_parser.add_argument(
+        "--earliest", required=True, help="earliest time of the splunk search"
+    )
+    dump_parser.add_argument(
+        "--latest",
+        required=False,
+        default="now",
+        help="latest time of the splunk search",
+    )
     dump_parser.set_defaults(func=dump)
 
     # Replay Arguments
-    replay_parser.add_argument("-fn", "--file_name", required=True,
-                               help="file name of the attack_data")
-    replay_parser.add_argument("--source", required=True,
-                        help="source of replayed data")
-    replay_parser.add_argument("--sourcetype", required=True,
-                        help="sourcetype of replayed data")
-    replay_parser.add_argument("--index", required=False, default="test",
-                        help="index of replayed data")
+    replay_parser.add_argument(
+        "-fn", "--file_name", required=True, help="file name of the attack_data"
+    )
+    replay_parser.add_argument(
+        "--source", required=True, help="source of replayed data"
+    )
+    replay_parser.add_argument(
+        "--sourcetype", required=True, help="sourcetype of replayed data"
+    )
+    replay_parser.add_argument(
+        "--index", required=False, default="test", help="index of replayed data"
+    )
     replay_parser.set_defaults(func=replay)
 
     # Show arguments
     show_parser.set_defaults(func=show, machines=True)
 
     # Create Remote Backend
-    create_remote_backend_parser.add_argument("-bn", "--backend_name", required=True,
-                               help="name of the remote backend")
+    create_remote_backend_parser.add_argument(
+        "-bn", "--backend_name", required=True, help="name of the remote backend"
+    )
     create_remote_backend_parser.set_defaults(func=create_remote_backend)
 
     # Delete Remote Backend
-    delete_remote_backend_parser.add_argument("-bn", "--backend_name", required=True,
-                               help="name of the remote backend")
+    delete_remote_backend_parser.add_argument(
+        "-bn", "--backend_name", required=True, help="name of the remote backend"
+    )
     delete_remote_backend_parser.set_defaults(func=delete_remote_backend)
-    
+
     # Init Remote Backend
-    init_remote_backend_parser.add_argument("-bn", "--backend_name", required=True,
-                               help="name of the remote backend")
+    init_remote_backend_parser.add_argument(
+        "-bn", "--backend_name", required=True, help="name of the remote backend"
+    )
     init_remote_backend_parser.set_defaults(func=init_remote_backend)
 
     # # parse them
 
@@ -93,10 +93,6 @@ azure:
   event_hub_host_name: "xxx"
 # All these fields are needed to configure the Azure logs. See the chapter Azure Logs in the docs page Attack Range Cloud.
 
-local:
-  provider: "Virtual Box"
-# Attack Range Local used Virtualbox and Vagrant to build the Attack Range.
-
 splunk_server:
 
   install_es: "0"