Kali Purple SOC

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Arion

May 30, 2023 — 3 min read

Setting Up the VM

Follow along with the screenshots below to configure the VM.

Add serial port

Start the graphical install

Go through the language and region setup, then follow along with the screenshots below.

Enable SSH for remote administration

sudo apt-get install ssh -y

sudo systemctl enable ssh --now

Install XRDP for remote administration

sudo apt update && sudo apt install xrdp -y

sudo systemctl enable xrdp --now

sudo wget -P /etc/polkit-1/localauthority/50-local.d https://gitlab.com/kalilinux/documentation/kali-purple/-/raw/main/401_kali-eminence/overlays/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

Enable serial console

sudo nano /etc/default/grub

Add the following under the existing config

## Kali Eminence: Enable serial console
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n8 console=tty1"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

sudo update-grub

Reboot.

Install Elastic agent dependencies

sudo apt install -y rsyslog

Add agent

In Elastic, go to Management > Fleet > Agent policies.

Select “Linux Server Policy” and click “Add Agent”

Copy the content from the “Linux Tar” tab. Install Elastic Agent on your host by copy and pasting that content into the command line on Kali-Eminence, and add --insecure to the end before executing.

Type y when prompted.

💡

If you receive an error, install curl sudo apt install curl -y

You should see the agent enrollment turn green. Click close.

In the next post, we'll be setting up Malcolm.

Kali Purple SOC: Part 12

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup this will take a while* Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Installing Kali Violet VM Follow the below screenshots in Proxmox Create a username and password. Select time zone. Reboot. From a terminal window, enable SSH sudo apt-get install ssh -y sudo systemctl enable ssh --now Install XRDP sudo apt update && sudo apt install xrdp -y sudo systemctl enable xrdp --now

Kali Purple SOC: Part 7 – Installing OPNsense Integration in Kibana and Filebeat in Byzantium

Installing Kibana OPNsense Integration Open the Elastic dashboard, click Fleet. Follow the screenshots below: Should look like the screenshot below: Configure OPNsense to send logs to Kali Purple Follow the screenshots below: Elastic should now be ingesting the OPNsense logs. Installing Filebeat on OPNsense ℹ️In OPNsense, ensure root account