Kali Purple SOC

Kali Purple SOC: Part 6 – Installing and Configuring Filebeat

Arion

May 14, 2023 — 2 min read

Installing Filebeat

SSH Into Kali Purple VM

Download Filebeat

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.1-amd64.deb

sudo dpkg -i filebeat-8.6.1-amd64.deb

Modify /etc/filebeat/filebeat.yml to set the connection information

sudo nano /etc/filebeat/filebeat.yml

for setup.kibana

host: "https://192.168.253.6"
  setup.kibana.ssl.enabled: true
  ssl.certificate_authorities: ["/etc/kibana/kibana-server_ca.crt"]
  setup.kibana.ssl.certificate: "/etc/kibana/kibana-server.crt"
  setup.kibana.ssl.key: "/etc/kibana/kibana-server.key"

for output.elasticsearch

 hosts: ["https://192.168.253.6"]
  username: "elastic"
  password: "<your_password>"
  # If using Elasticsearch's default certificate
  ssl.ca_trusted_fingerprint: "<es_cert_fingerprint>"

To find the es cert fingerprint, open another terminal window and input this command:

sudo openssl x509 -fingerprint -sha256 -noout -in /etc/elasticsearch/certs/http_ca.crt | awk 'BEGIN { FS = "=" } ; { print $2 }' | sed 's/://g'

Enable and configure the Elasticsearch module

sudo filebeat modules enable elasticsearch

sudo nano /etc/filebeat/modules.d/elasticsearch.yml

Enable Filebeat (this will take a few minutes)

sudo systemctl enable filebeat --now

Disabling warning “Missing replica shards”

Open Elastic dashboard, click Dev Tools.

Delete all in the console field.

paste the following into the console field:

PUT _settings
{
  "number_of_replicas": 0
}

Click the Run (play) icon

Click Stack Management

Follow the instructions in the screenshots below

Once you save, click Stack Monitoring

It should look something like this:

Next, we'll be taking a look at Installing the OPNsense integration.

Kali Purple SOC: Part 7

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Setting Up the VM Follow along with the screenshots below to configure the VM. Add serial port Start the graphical install Go through the language and region setup, then follow along with the screenshots below. Reboot, then login Enable SSH for remote administration sudo apt-get install ssh -y sudo systemctl

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup this will take a while* Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Installing Kali Violet VM Follow the below screenshots in Proxmox Create a username and password. Select time zone. Reboot. From a terminal window, enable SSH sudo apt-get install ssh -y sudo systemctl enable ssh --now Install XRDP sudo apt update && sudo apt install xrdp -y sudo systemctl enable xrdp --now