Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Setting Up the VM Follow along with the screenshots below to configure the VM. Add serial port Start the graphical install Go through the language and region setup, then follow along with the screenshots below. Reboot, then log in Enable SSH for remote administration sudo apt-get install ssh -y sudo systemctl

By Arion May 30, 2023
Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup (this will take a while) Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

By Arion May 14, 2023
Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

By Arion May 14, 2023
Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Installing Kali Violet VM Follow the below screenshots in Proxmox Create a username and password. Select time zone. Reboot. From a terminal window, enable SSH sudo apt-get install ssh -y sudo systemctl enable ssh --now Install XRDP sudo apt update && sudo apt install xrdp -y sudo systemctl enable xrdp --now

By Arion May 14, 2023
Kali Purple SOC: Part 7 – Installing OPNsense Integration in Kibana and Filebeat in Byzantium

Installing Kibana OPNsense Integration Open the Elastic dashboard, click Fleet. Follow the screenshots below: Should look like the screenshot below: Configure OPNsense to send logs to Kali Purple Follow the screenshots below: Elastic should now be ingesting the OPNsense logs. Installing Filebeat on OPNsense ℹ️In OPNsense, ensure root account

By Arion May 14, 2023
Kali Purple SOC: Part 6 – Installing and Configuring Filebeat

Installing Filebeat SSH Into Kali Purple VM Download Filebeat curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.1-amd64.deb sudo dpkg -i filebeat-8.6.1-amd64.deb Modify /etc/filebeat/filebeat.yml to set the connection information sudo nano /etc/filebeat/filebeat.yml for setup.kibana host:

By Arion May 14, 2023
Kali Purple SOC: Part 5 – Installing and Configuring Metricbeat

Installing Metricbeat SSH Into Kali Purple VM Download Metricbeat curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.6.1-amd64.deb sudo dpkg -i metricbeat-8.6.1-amd64.deb Modify /etc/metricbeat/metricbeat.yml to set the connection information sudo nano /etc/metricbeat/metricbeat.yml for setup.kibana host:

By Arion May 14, 2023
Kali Purple SOC: Part 4 – Installing and Configuring Fleet Server

Adding Fleet Server Fleet Server is a component of the Elastic Stack used to centrally manage Elastic Agents. Open the Elastic menu and click Fleet. Click Add Fleet Server. Enter a name, the URL listed below and click Generate Fleet Server Policy. Paste the Linux Tar output into a terminal

By Arion May 13, 2023
Kali Purple SOC: Part 3 – Installing and Configuring Elastic

Installing Elastic and Kibana ℹ️This will be done on the Kali Purple VM we set up in the previous post. Install Elasticsearch Dependencies sudo apt update && sudo apt upgrade -y sudo apt-get install curl curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /etc/apt/trusted.gpg.

By Arion May 7, 2023
Kali Purple SOC: Part 2 – Installing Kali Purple VM

Set up the VM in Proxmox Follow the screenshot guide below to get the Kali Purple VM up and running inside Proxmox. Click Create VM Configure as seen below Choose the location of your Kali Purple .iso Enable Qemu agent Choose storage location for the VM. (It can be smaller than

By Arion May 3, 2023

Kali Purple SOC: Part 1 – Installing and Configuring Proxmox & OPNsense

Install Proxmox I've linked a quick guide below to quickly get up and running with Proxmox, as well as a phenomenal crash course video by NetworkChuck on virtualization, featuring Proxmox. For the written guide below, do not perform step 5 or beyond; only perform steps 1-4. Install Proxmox VE

By Arion Apr 30, 2023
Kali Purple SOC: Home Lab Project Overview

What is Kali Purple? Blue team meets red team Kali Purple is OffSec's first step into the world of defensive security. It's a Kali Linux distribution containing tools for both red and now blue team operations. Kali Purple in and of itself is just the distro. Kali Purple's SOC-in-a-box offering

By Arion Apr 23, 2023