BYOS - Bring Your Own Splunk

[ddnts]

Idea

Before opening this PR I've talked to @d1vious if there is any interest in our approach of integrating the Attack Range with an existing Splunk development environment.

This enables us in the first step to use an environment known and loved to create searches based on all events of the attacks coming from the Attack Range. In the second step, we use the Deployment Server to ship a production grade UF config to the Attack Range clients, attack again and then validate our searches.

This PR contains the mechanics to use an existing Splunk server and some general modifications on the repo (cosmetics, consistency).

I would love some feedback and hope other people could profit from this feature as well.

Changes

Added option to bring your own Splunk instance

• added splunk_server switch
• If splunk_server is set to 0, clients will be pointed to your own Splunk instance - provided via splunk_server_private_ip and no splunk_server VM will be installed
• to guarantee the functionality of caldera, a dedicated caldera_server will be installed
• dependent on splunk_server, caldera clients will be pointed towards the splunk_server VM or the caldera_server

Consistency

• added kali_machine_memory and kali_machine_cpu variables for vagrant
• switched hardcoded ip to splunk_server_private_ip from caldera config

Cosmetics

• fixed link to issue tracker of this repository to README.md
• fixed link to attack_range_local.conf in README.md
• added vagrant/Vagrantfile to .gitignore
• removed vagrant/Vagrantfile
• added spaces in ansible/roles/windows_universal_forwarder/files/win_event_log_inputs.conf

[josehelps]

I ran it locally this looks great. I would not change one with thing with it! Thank you very much.