Ansible roles and Ludus range config to deploy a full SOC lab environment automatically.
| VM | Role | VLAN | URL |
|---|---|---|---|
| Wazuh server | SIEM / XDR | 10 | .10 |
| TheHive | Case management | 10 | .11:9000 |
| Cortex | Analyzer / enrichment | 10 | .12:9001 |
| MISP | Threat intelligence | 10 | .13 |
| Shuffle | SOAR | 10 | .14:3001 |
| DVWA | Vulnerable target + Wazuh agent | 20 | .10/dvwa |
| Requirement | Version |
|---|---|
| Proxmox | 9.0+ |
| Ludus | latest |
| Ansible | 2.9+ |
| Python | 3.8+ |
Ludus templates required:
kali-x64-desktop-template-- used by Wazuh serverubuntu-24.04-x64-server-template-- used by all other VMs
Minimum host resources: 32 GB RAM · 12 CPU cores
git clone https://github.com/yefimbas/automated-cyber-range.git
cd automated-cyber-rangeludus ansible role add -d ./roles/wazuh_server
ludus ansible role add -d ./roles/wazuh_agent
ludus ansible role add -d ./roles/thehive
ludus ansible role add -d ./roles/cortex
ludus ansible role add -d ./roles/misp
ludus ansible role add -d ./roles/shuffle
ludus ansible role add -d ./roles/docker
ludus ansible role add -d ./roles/dvwaludus range config set -f range_config.ymlludus range deployFollow logs in real time:
ludus range logs -f- Kali: kali:kali
- Others: localuser:password
- The MISP: Stored at: /root/misp_settings.txt
| Variable | VM | Required | Description |
|---|---|---|---|
wazuh_admin_password |
wazuh_server | ❌ | If set, overrides the default Wazuh admin password after install |
wazuh_server_ip |
dvwa (wazuh_agent) | ✅ | IP of the Wazuh server — set automatically via range_config.yml |
wazuh_agent_name |
dvwa (wazuh_agent) | ❌ | Agent display name in Wazuh (default: ludus-agent) |
GPL-3.0