Kali Purple SOC

Kali Purple SOC: Part 8 – Installing Kali Violet VM and Elastic Agent

Arion

May 14, 2023 — 4 min read

Installing Kali Violet VM

Follow the below screenshots in Proxmox

Create a username and password.

Select time zone.

Reboot.

From a terminal window, enable SSH

sudo apt-get install ssh -y

sudo systemctl enable ssh --now

Install XRDP

sudo apt update && sudo apt install xrdp -y

sudo systemctl enable xrdp --now

sudo wget -P /etc/polkit-1/localauthority/50-local.d https://gitlab.com/kalilinux/documentation/kali-purple/-/raw/main/101_kali-violet/overlays/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

Enable serial console

sudo nano /etc/default/grub

Paste the following into the grub file:

## Kali Purple: Enable serial console
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n8 console=tty1"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

sudo update-grub

Reboot.

Installing Elastic Agent

sudo apt install -y rsyslog

Create a fleet policy for Linux servers, as seen below.

Paste the Linux Tar code block into a Kali Violet terminal window.

⚠️

You must include --insecure at the end of the command before executing it in the terminal.

Enter Y when prompted.

A confirmation message will appear in Kibana.

Close this window.

Follow the below screenshots:

You should be able to see info if you filter hostname: "kali-violet"

In the next section, we'll be looking at Installing OpenCTI.

Kali Purple SOC: Part 9

Kali Purple SOC: Part 11 – Installing Kali Eminence VM and Elastic Agent

Setting Up the VM Follow along with the screenshots below to configure the VM. Add serial port Start the graphical install Go through the language and region setup, then follow along with the screenshots below. Reboot, then login Enable SSH for remote administration sudo apt-get install ssh -y sudo systemctl

Kali Purple SOC: Part 10 – Installing Greenbone Vulnerability Scanner

SSH Into Kali Violet VM Install Greenbone Vulnerability Scanner sudo apt update && sudo apt install -y gvm Setup Greenbone Vulnerability Scanner sudo gvm-setup this will take a while* Check config sudo gvm-check-setup Make GVM available on external interface sudo sed -e 's/127.0.0.1/0.0.0.0/

Kali Purple SOC: Part 9 – OpenCTI Installation and Setup

Installing OpenCTI SSH into Kali Violet VM Install dependencies sudo apt update && sudo apt install curl -y Install Docker sudo apt install docker.io -y sudo systemctl enable docker --now Manage Docker as a non-root user sudo usermod -aG docker $USER chmod 666 /var/run/docker.sock Install Portainer docker

Kali Purple SOC: Part 7 – Installing OPNsense Integration in Kibana and Filebeat in Byzantium

Installing Kibana OPNsense Integration Open the Elastic dashboard, click Fleet. Follow the screenshots below: Should look like the screenshot below: Configure OPNsense to send logs to Kali Purple Follow the screenshots below: Elastic should now be ingesting the OPNsense logs. Installing Filebeat on OPNsense ℹ️In OPNsense, ensure root account