Kali Purple SOC

Kali Purple SOC: Part 4 – Installing and Configuring Fleet Server

Arion

May 13, 2023 — 2 min read

Adding Fleet Server

Fleet Server is a component of the Elastic Stack used to centrally manage Elastic Agents.

Open the Elastic menu and click Fleet.

Click Add Fleet Server.

Enter a name, the URL listed below and click Generate Fleet Server Policy.

Paste the Linux Tar output into a terminal window on the Kali Purple VM.

When prompted if you want to install elastic agent, enter Y.

⚠️

If you get an error, try installing curl, and trying again.
sudo apt-get install curl

Wait for fleet server to say Connected. Then click x at top right corner of Elastic.

Refresh the page

Under Agent Policies click Fleet Server Policy > Add Integration.

Search Elastic. Click Add Elastic Agent.

Click Save and Continue.

Save and deploy changes

The Fleet Server should now be set up, as seen below.

In the next step we'll be Installing and Configuring Metricbeat and Filebeat.

Kali Purple SOC: Part 5

Read more

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Setting Up the VM Follow along with the screenshots below to configure the VM. Add serial port Start the graphical install Go through the language and region setup, then follow along with the screenshots below. Reboot, then login Enable SSH for remote administration sudo apt-get install ssh -y sudo systemctl

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup this will take a while* Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Installing Kali Violet VM Follow the below screenshots in Proxmox Create a username and password. Select time zone. Reboot. From a terminal window, enable SSH sudo apt-get install ssh -y sudo systemctl enable ssh --now Install XRDP sudo apt update && sudo apt install xrdp -y sudo systemctl enable xrdp --now