How To Install Kali Purple With Elastic SIEM
- Published: 21 Oct 2024
- We will install Kali Purple and deploy Elastic SIEM, then test whether the Elastic SIEM EDR features work or not by deploying a Windows executable. Will it block it? Watch and find out how awesome the new Kali Purple is!
Resources:
Read the Kali Purple wiki: gitlab.com/kal...
Connect and direct message me on LinkedIn: / howard-mukanda-24503144
You made the whole process extremely simple. The documentation they provided was a mess.
You deserve much more views and subscribers, and you just earned one!
It was easy to follow and understand this tutorial! Thanks.
Good stuff man...keep it up. Quality content
Thank you
You are on point. This is the best video on Kali Purple installation; keep it up. Waiting for more videos like this. Thank you.
8 months later and I'm back on this video, finally starting this how-to. I'll report back and let you know how it goes. But in the meantime, thanks for making videos like this.
I liked this to a point, but I can't stress how much people who are watching this want their output to look like yours when you run the commands. When you say, "This did this because I already have it installed" and "it will just work for you", it is more than a little frustrating. You are better off doing this on a clean box so the output of your install matches your viewers who are doing it for the first time. The reason why this matters is there are more videos of this setup now (since Kali Purple came out) and others don't make this mistake. Keep up the good work. I do appreciate the effort and I know it ain't nothing!!
I agree with you. I followed the instructions in this video to the letter and enthusiastically, but the installations with Linux are not clean; the first point from GitLab did not work for me because it ended up saying that it could not find the elasticsearch package. Of course, it could be that when I installed Kali Linux Purple I had problems with the selection of the programs to install; it did not let me install all the options that were marked by default because it said that there was an error with a program. So I unchecked the last two options for "additional" programs or tools, etc.; then it did allow Kali Linux to be installed. I looked for the error, repaired it and went back to point 1, but it didn't end up telling me about any credentials, and when I try to open the browser with [IP address]:5601, I get the IP address of /etc/hosts at the front from the Kali machine and it didn't work. Conclusion: it is frustrating; Linux serves to waste time messing around, tasty but without results in the end.
Great tutorial MUCH easier to use than the "documentation"
Thank you Phil
Thanks for giving concise tutorials! keep it up!
This is some great, clear and concise content. Thanks for sharing! Subscribed and looking forward to future content.
Thank you 🙏
I am not getting the alerts in the security alerts the way you are at 26:01. What could be the issue?
Thank you so much, Great tutorial. I love your content. Kali Purple is looking good.
Good stuff man, better than many. Thanks.
Thank you
Great vid, just a quick question. If my Kali install is just Kali, not Kali Purple, would the hosts entry be Kali.Kali.purple?? I'm getting a few errors I'm putting down to that.
Awesome stuff! Why are the source_ip and destination_ip fields showing a "dash" in the Elastic Security alerts for reverse.exe? 26:59 Oh wait, is that because the connection got blocked?
Yeah, no network connection was established
Should we weaponize Kali Purple with the offensive tools rather than running 2 different VMs and exhausting system resources? This is for someone having no more than 16 GB of RAM to spare for the whole setup. Your thoughts?
Thank you friend, it was the video I was looking for.
Hmm, I think the explanation is incomplete; there is no further explanation regarding how to move from HTTP to HTTPS. After copying and pasting the command, what else should be done?
Thank you for the video. I've run into some complications in one of the last steps.
After getting the Fleet server running, I'm trying to add my Windows VM as an agent. But whenever I copy the code from Kali Purple's Elastic Defend and run it on Windows, I get an error saying "Could not connect as machine actively refused it". I noticed both my VMs have the same IP address "10.0.2.15".
From where did you get the credentials? I have set up everything but am unable to sign in. Any solution?????
Hello Sir, does this setup already install Logstash?
I enrolled the windows agent successfully but then the status is "Offline" with this error (Failed to execute all workflows: Not found)... How to fix it?
Did you disable “Windows Defender” for your Windows VM? Every time I attempt to download the reverse.exe, Windows defender blocks it, and no alert is received in ELK.
Yeah, if you want to test Elastic Agent, disable Defender; even better, find a better way to evade Defender and it will be a great lab!
I am unable to connect my Elasticsearch to my Kali. Must I have an account there first?
Incorrect password or the elastic web ui is unavailable?
@CSimms-yv1lw Specify the Kibana port. Also check the status of the services and make sure they are running. And finally, make sure the IP address is in /etc/hosts.
Once I upgraded to HTTPS for Elastic, it now says "Kibana server is not ready yet".
Anyone else having problems with Fleet? It seems to install okay, but after a reboot its status is always "Offline". I tried removing System from the Fleet server policy, but that didn't work. Seems this has been an ongoing issue for a while and I'm not finding anything in the logs that indicates that it's a certificate issue.
I noticed that too. I removed System, and I have to restart the Elastic Agent on Kali Purple, and everything seems to work. Seems like a bug.
@ITSecurityLabs Thankfully it's in a VM and I have plenty of snapshots to fall back to!
Hello Sir, I followed this tutorial and everything went well till the part of launching Elastic SIEM in the browser using the IP address; the page kept on loading forever. Please kindly guide me.
Did you find the solution?
Bro, I love your vids. I finally got a Pi 4B 8GB and was wondering whether Elastic SIEM would work on the Kali Raspberry Pi version?
🙏❤️
That might work; I have not tried it. SIEM is resource intensive, and for me I have committed more than 8GB, and I am not sure if a Pi cuts it. Let me know if you get it to work.
@ITSecurityLabs OK thanks, I'll do it sometime this week and I'll definitely let you know. 👋
@ITSecurityLabs It doesn't work. Maybe now with the Pi 5 more support for applications like this will get updated. There were workarounds, but that was using older versions, Buster or older, and that literally negates the point of security (old kernel etc.), so I didn't bother trying. 👍
Are you getting a Pi 5?
Trying to create the enrollment token for Kibana. I'm getting the following: ERROR: Failed to determine the health of the cluster. Unexpected Http status [503]. Thoughts? Anyone, please.
I need help on how to get my login password or how to reset the password.
Hi, I followed the instructions in your video, similar to the 301_kali-purple installation documentation, and got into some issues with 101_40: Elastic... because they were not very clear on how to put ==insecure to enable the agent. Now after reboot I just can't make the service start... What is the command line to start the freaking thing? I tried numerous ways found over the internet but they were all just a waste of time. I even changed the rights for the folder where elasticsearch is; still nothing, it says line 78: /etc/default/elasticsearch: Permission denied, as root can't run, so I'm stuck. Please, some much needed help would be appreciated. Thank you.
Don't know if this will help, but I tried:
sudo systemctl start elasticsearch.service
Awesome Bro ❤🔥
Can t wait your New Tutorial...
Thank you
Hi, what is the difference between Elastic Stack on Kali Purple vs Elastic Stack on Security Onion?
Security Onion added a separate UI and has Wazuh added. ELK SIEM is straight ELK with the security plugin.
I am having trouble enabling HTTPS for Kibana. Someone please help!
What if you want the SIEM to ingest syslogs from a router or servers?
You can use Filebeat. Check out how we send Suricata logs in video #3 of this series.
How can you add a Windows system? When you add an agent for Windows, would you make some config before?
Watch the video, at the 20th minute I add the agent to windows
Did anyone experience any errors on Step 4. Enable HTTPS for Kibana?
Yes. What I ended up doing was not logging into the server on step 3; instead I went immediately into step 4, then logged in to the server. If it didn't finish, I was able to refresh the browser and it was good for HTTPS.
How many GBs does it take to create all the labs?
I say about 400
Very many thanks!
So you know GNS3?
Yes, used it a lot in my CCNP CCNA days
Elasticsearch stopped after some time.
Awesome video, but got to ask: where can I find my password for the login?
Try www.elastic.co/guide/en/elasticsearch/reference/master/reset-password.html
You need to go to the elasticsearch binary location
@ITSecurityLabs Thanks for the heads up.
@ITSecurityLabs Thank you, this was a lot of help.
👍🔥🔥🔥
I ran into some issues, but all good 👍
You didn't show anything. You just kept pasting their documentation, half of them failed, you just ignored that and kept going on because it was already setup. Waste of my time.
Thank you for this video. When I tried to enable HTTPS for Kibana, it's asking "Enter password for CA (elastic-stack-ca.p12)". How am I going to get that password?
Same issue for me also.
@hariprasathm9644 I am having the same problem, have you fixed it?
The password is the same one that displays after the installation. But if you missed it, you'll have to run a command to make a new one. I'm sorry, I didn't write the command down.