Kali Purple SOC: Home Lab Project Overview

What is Kali Purple?
Blue team meets red team
Kali Purple is OffSec's first step into the world of defensive security. It is a Kali Linux distribution that bundles tools for both red team and, now, blue team operations. Kali Purple in and of itself is just the distro. Kali Purple's SOC-in-a-box offering is a reference architecture you can build out yourself to practise blue and red team skills, and it is what this project series takes a look at.
There is pre-existing documentation on how to set up this lab environment on the official wiki, but at the time of this writing it is somewhat disorganized and not always clear for someone who is just getting started with a home lab. I aim to make the guide more clear-cut and easier to follow. I've also added a few additions and variations of my own here and there that deviate slightly from the main architecture.
If you'd like more detail on everything Kali Purple entails, visit the official Kali Purple page.
Phases
This project is broken up into two phases. Phase 1 is estimated to take somewhere between 8-16 hours. Phase 2 can extend for as long as it takes you to feel comfortable with the tools in the lab environment.
Phase 1
Phase 1 will be building out the architecture. We will reference the main layout, but make some changes of our own.

Phase 2
In Phase 2, we will be exploring what we can do with the tools and understanding how they all work together.
What's the Goal of the Project?
Core skills and tools
The goal of this lab is to get hands-on, practical experience with a number of tools that reflect the tasks a cyber security specialist is often assigned:
- Deploying the ELK Stack as a SIEM
- Using Suricata as a NIDS/NIPS
- Understanding the NIST Cyber Security Framework
- Understanding key networking concepts
- Performing packet captures
- Carrying out vulnerability management
The lab allows you to home in on these skills as you see fit, and it gives a basic understanding of the infrastructure you might see in a typical SOC environment.
Hardware Requirements
A relatively demanding environment
The Kali Purple SOC environment requires a fairly solid hardware platform. You can certainly split it up and install the virtual machines on different devices if necessary.
Proxmox Hardware Requirements
- Recommended processor: 20 cores (e.g. Xeon processor(s) in a lower-cost server)
- Alternative processor: higher-end Intel or AMD (e.g. Intel i9 or Ryzen 9)
- RAM: 64 GB
- Drive space: 2 TB
OPNsense Reasonable Hardware Requirements
Reasonable
The reasonable specification runs all OPNsense standard features: every feature is functional, but perhaps not with a lot of users or under high load.
- Networking: at least 2 Ethernet ports
- Processor: 1 GHz dual-core CPU
- RAM: 4 GB
- Install method: serial console or video (VGA)
- Drive space: 40 GB SSD
OPNsense Recommended Hardware Requirements
Recommended
The recommended specification runs all OPNsense standard features: every feature is functional and it fits most use cases.
- Networking: at least 2 Ethernet ports
- Processor: 1.5 GHz multi-core CPU
- RAM: 8 GB
- Install method: serial console or video (VGA)
- Drive space: 120 GB SSD