How To Install Kali Purple With Elastic SIEM

I.T Security Labs

We will install Kali Purple and deploy Elastic SIEM, then test whether the Elastic SIEM EDR features work by deploying a Windows executable: will it block it? Watch and find out how awesome the new Kali Purple is!
Resources:
Read the Kali Purple wiki: gitlab.com/kal...
Connect and direct message me on LinkedIn: / howard-mukanda-24503144

Published: 15 Oct 2024
Comments: 85
@masenyarametse3655 · 1 year ago
You made the whole process extremely simple. The documentation they provided was a mess.
@PaKeHaXoR · 1 year ago
You deserve much more views and subscribers, and you just earned one! It was easy to follow and understand this tutorial! Thanks
@csb21jb · 1 year ago
Good stuff man... keep it up. Quality content
@ITSecurityLabs · 1 year ago
Thank you
@PhilVollhardt · 1 year ago
Great tutorial, MUCH easier to use than the "documentation"
@ITSecurityLabs · 1 year ago
Thank you Phil
@felixmoshami6613 · 1 year ago
You are on point, this is the best video on Kali Purple installation. Keep it up, waiting for more videos like this, thank you
@nump9768 · 10 months ago
8 months later and I'm back on this video - finally starting this how-to. I'll report back and let you know how it goes. But in the meantime - thanks for making videos like this.
@joemorgan2253 · 1 year ago
I liked this to a point, but I can't stress how much people who are watching this want their output to look like yours when you run the commands. When you say, "This did this because I already have it installed" and "it will just work for you", it is more than a little frustrating. You are better off doing this on a clean box so the output of your install matches your viewers who are doing it for the first time. The reason why this matters is there are more videos of this setup now (since Kali Purple came out) and others don't make this mistake. Keep up the good work. I do appreciate the effort and I know it ain't nothing!!
@nachosaavedra5111 · 11 months ago
I agree with you. I followed the instructions in this video to the letter and enthusiastically, but the installations with Linux are not clean; the first point from GitLab did not work for me because it ended up saying that it could not find the elasticsearch package. Of course, it could be that when I installed Kali Linux Purple I had problems with the selection of the programs to install; it did not let me install all the options that were marked by default because it said that there was an error with a program. So I unchecked the last two options for "additional" programs or tools, etc., and there it did allow Kali Linux to be installed. I looked for the error, repaired it and went back to point 1, but it didn't end up telling me about any credentials, and when I try to open the browser with [IP address]:5601, I get the IP address of /etc/hosts at the front from the Kali machine and it didn't work. Conclusion: it is frustrating, Linux serves to waste time messing around, tasty but without results in the end.
@aviborse1 · 1 year ago
I am not getting the alerts on the security alerts the way you are at 26:01, what could be the issue?
@MrAehri · 1 year ago
This is some great clear and concise content. Thanks for sharing! Subscribed and looking forward to future content.
@ITSecurityLabs · 1 year ago
Thank you 🙏
@snrdon3431 · 10 months ago
Great vid, just a quick question. If my Kali install is just Kali, not Kali Purple, the hosts would be Kali.Kali.purple?? I'm getting a few errors I'm putting down to that..
@carol-lo · 9 months ago
Thanks for giving concise tutorials! Keep it up!
@leonardofish8385 · 1 year ago
Thank you for the video. I've run into some complication in one of the last steps: after getting the fleet server running, I'm trying to add my Windows VM as an agent. But whenever I copy the code from Kali Purple's Elastic Defend and run it on Windows, I get an error saying "Could not connect as machine actively refused it". I noticed both my VMs have the same IP address "10.0.2.15"
@ndaypopo9670 · 7 months ago
Hmm, I think the explanation is incomplete; there is no further explanation regarding how to move from http to https. After copy and paste of the command, what else should be done?
@drmikeyg · 1 year ago
Thank you so much, great tutorial. I love your content. Kali Purple is looking good.
@nopigeonspodcast · 1 month ago
Once I upgraded to https for Elastic, it now says "Kibana server is not ready yet"
@aviwemusa6109 · 1 year ago
I enrolled the Windows agent successfully but then the status is "Offline" with this error (Failed to execute all workflows: Not found)... How to fix it?
@MalwareHunter_07 · 4 months ago
From where did you get the credentials? I have set up all but am unable to sign in, any solution?????
@mrigankchanda4148 · 1 year ago
Should we weaponize Kali Purple with the offensive tools rather than running 2 different VMs and exhausting system resources? This is for someone having no more than 16 GB of RAM to spare for the whole setup. Your thoughts
@4n6boi · 1 year ago
Good stuff man, better than many, thanks
@ITSecurityLabs · 1 year ago
Thank you
@Zikanshi-AG · 8 months ago
I need help on how to get my login password or how to reset the password.
@gregharkins9870 · 1 year ago
Trying to create the enrollment token for Kibana. I'm getting the following: ERROR: Failed to determine the health of the cluster. Unexpected Http status [503]. Thoughts? Anyone please.
@ATO170 · 1 year ago
Hello Sir, does this setup already install Logstash?
@vonniehudson · 1 year ago
Awesome stuff! Why are the source_ip and destination_ip fields showing a "dash" in the Elastic Security alerts for reverse.exe? 26:59 oh wait, is that because the connection got blocked?
@ITSecurityLabs · 1 year ago
Yeah, no network connection was established
@mrchip2362 · 1 year ago
Did you disable "Windows Defender" for your Windows VM? Every time I attempt to download the reverse.exe, Windows Defender blocks it, and no alert is received in ELK.
@ITSecurityLabs · 1 year ago
Yeah, if you want to test Elastic Agent disable Defender; even better, find a better way to evade Defender and it will be a great lab!
@nate1479 · 1 year ago
Hello Sir, I followed this tutorial and everything went well till the part of launching Elastic SIEM in the browser using the IP address; the page kept on loading forever, please kindly guide me
@yasiriqbal541 · 10 months ago
Did you find the solution?
@CSimms-yv1lw · 1 year ago
I am unable to connect my elasticsearch to my Kali, must I have an account there first?
@ITSecurityLabs · 1 year ago
Incorrect password, or is the Elastic web UI unavailable?
@ITSecurityLabs · 1 year ago
@CSimms-yv1lw specify the Kibana port. Also check the status of the services, make sure they are running. And finally make sure the IP address is in /etc/hosts
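The three checks in this reply as a shell pre-flight script, added here as an example (not code from the video, the channel or the Kali Purple wiki). The unit names elasticsearch, kibana and elastic-agent, port 9200, the hostname kali-purple.kali.purple and the IP 192.168.56.10 are assumptions; 5601 is the Kibana port mentioned in the comments above.

```shell
#!/bin/sh
# Added example, not code from the video or the Kali Purple wiki: a pre-flight check
# for the three items in the reply above (Kibana port, running services, /etc/hosts).
# Assumptions: systemd unit names elasticsearch, kibana, elastic-agent; Elasticsearch
# on tcp/9200; a hosts entry mapping the Kali Purple hostname to its LAN IP.
KIBANA_PORT=5601                        # the port the browser URL must include
ES_PORT=9200
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# hosts_maps FILE NAME IP: succeed only if an uncommented line in FILE maps NAME to IP.
hosts_maps() {
  awk -v name="$2" -v want="$3" '
    /^[ \t]*#/ || NF < 2 { next }                    # skip comments and blank lines
    { for (i = 2; i <= NF; i++) if ($i == name && $1 == want) ok = 1 }
    END { exit ok ? 0 : 1 }' "$1"
}

# service_active UNIT: succeed if systemd reports the unit as active.
service_active() { systemctl is-active --quiet "$1"; }

# port_listening PORT: succeed if something listens on TCP PORT (ss is from iproute2).
port_listening() {
  ss -ltn 2>/dev/null | awk -v p="$1" '$4 ~ (":" p "$") { ok = 1 } END { exit ok ? 0 : 1 }'
}

# run_checks NAME IP: one PASS/FAIL line per item; returns 1 if any item failed.
run_checks() {
  rc=0
  for unit in elasticsearch kibana elastic-agent; do
    if service_active "$unit"; then echo "PASS $unit is active"
    else echo "FAIL $unit not active (try: sudo systemctl start $unit)"; rc=1; fi
  done
  for port in "$ES_PORT" "$KIBANA_PORT"; do
    if port_listening "$port"; then echo "PASS tcp/$port is listening"
    else echo "FAIL nothing listening on tcp/$port"; rc=1; fi
  done
  if hosts_maps "$HOSTS_FILE" "$1" "$2"; then echo "PASS $HOSTS_FILE maps $1 -> $2"
  else echo "FAIL add '$2 $1' to $HOSTS_FILE, then browse to $1:$KIBANA_PORT"; rc=1; fi
  return $rc
}

# Usage: sh elk-preflight.sh --run kali-purple.kali.purple 192.168.56.10
if [ "${1:-}" = "--run" ]; then run_checks "$2" "$3"; fi
```

Run it on the Kali Purple box before opening the browser; a FAIL on the hosts line is the case in the comment above where the Kali host's own address, rather than the LAN IP, ends up in the URL.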
@bubbajoetx · 1 year ago
Anyone else having problems with Fleet? It seems to install okay, but after a reboot its status is always "Offline". I tried removing system from the fleet server policy, but that didn't work. Seems this has been an on-going issue for a while and I'm not finding anything in the logs that indicates that it's a certificate issue.
@ITSecurityLabs · 1 year ago
I noticed that too. I removed system, and I have to restart the Elastic Agent on Kali Purple and everything seems to work. Seems like a bug
@bubbajoetx · 1 year ago
@ITSecurityLabs Thankfully it's in a VM and I have plenty of snapshots to fall back to!
@Jorge-cv6ll · 1 year ago
Thank you friend, it was the video I was looking for
@muhannedambusaidi3502 · 1 year ago
I am having trouble enabling https for Kibana. Someone pls help!
@mihaiemanuels · 1 year ago
Hi, I followed the instructions in your video, similar to the 301_kali-purple installation documentation, and got into some issues with 101_40: Elastic... because they were not very clear on how to put ==insecure to enable the agent. Now after reboot I just can't make the service start... what is the command line to start the freaking thing? I tried numerous ways found over the internet but they were all just a waste of time; I even changed the rights for the folder where elasticsearch is, still nothing, it says line 78: /etc/default/elasticsearch: Permission denied, as root can't run, so I'm stuck. Please, some much needed help would be appreciated, thank you.
@geraldjeffcoat392 · 11 months ago
Don't know if this will help but I tried: sudo systemctl start elasticsearch.service
@-someone-. · 1 year ago
Bro I love your vids, I finally got a Pi 4B 8GB and was wondering whether Elastic SIEM would work on the Kali Raspberry Pi version? 🙏❤️
@ITSecurityLabs · 1 year ago
That might work, I have not tried it. SIEM is resource intensive and for me I have committed more than 8GB and I am not sure if a Pi cuts it. Let me know if you get it to work
@-someone-. · 1 year ago
@ITSecurityLabs ok thanks, I'll do it sometime this week and I'll definitely let you know. 👋
@-someone-. · 1 year ago
@ITSecurityLabs it doesn't work. Maybe now with the Pi 5 more support for applications like this will get updated. There were workarounds, but that was using older versions, Buster or older, and that literally negates the point of security (old kernel etc.) so I didn't bother tryin. 👍 R u gettin a Pi 5?
@admar-nelson · 1 year ago
Hi, what is the difference between the Elastic Stack on Kali Purple vs the Elastic Stack on Security Onion?
@ITSecurityLabs · 1 year ago
Security Onion added a separate UI and has Wazuh added. ELK SIEM is straight ELK with the security plugin
@onurkavi86 · 1 year ago
How can you add a Windows system? When you add the agent for Windows, would you make some config before?
@ITSecurityLabs · 1 year ago
Watch the video, at the 20th minute I add the agent to Windows
@itsathejoey · 1 year ago
What if you want the SIEM to ingest syslogs from a router or servers?
@ITSecurityLabs · 1 year ago
You can use Filebeat. Check out how we send Suricata logs in this series in video #3
@Que-tp1wc · 1 year ago
How many GBs does it take to create all the labs?
@ITSecurityLabs · 1 year ago
I say about 400
@Huelilik · 1 year ago
Awesome Bro ❤‍🔥
@Huelilik · 1 year ago
Can't wait for your new tutorial...
@ITSecurityLabs · 1 year ago
Thank you
@tebomokalake5551 · 11 months ago
Did anyone experience any errors on Step 4, Enable HTTPS for Kibana?
@geraldjeffcoat392 · 11 months ago
Yes, what I ended up doing was not logging into the server on step 3; instead I went immediately into step 4 and then logged in to the server. If it didn't finish I was able to refresh the browser and it was good for https.
@SpeedySpeedy-qz5xy · 1 year ago
So you know GNS3?
@ITSecurityLabs · 1 year ago
Yes, used it a lot in my CCNP CCNA days
@DeadCellHacking · 1 year ago
Awesome video but got to ask, where can I find my password for the login?
@ITSecurityLabs · 1 year ago
Try www.elastic.co/guide/en/elasticsearch/reference/master/reset-password.html
@ITSecurityLabs · 1 year ago
You need to go to the elasticsearch binary location
@DeadCellHacking · 1 year ago
@ITSecurityLabs thanks for the heads up
@DeadCellHacking · 1 year ago
@ITSecurityLabs thank you, this was a lot of help
@ken6197 · 1 year ago
very thanksss
@MalwareHunter_07 · 4 months ago
elasticsearch stopped after some time
@---tr9qg · 1 year ago
👍🔥🔥🔥
@ican6401 · 1 year ago
I ran into some issues, but all good 👍
@i9erek · 3 months ago
You didn't show anything. You just kept pasting their documentation, half of them failed, you just ignored that and kept going on because it was already set up. Waste of my time.
@TaiCorp1759 · 1 year ago
Thank you for this video. When I tried to enable HTTPS for Kibana, it's asking "Enter password for CA (elastic-stack-ca.p12)". How am I going to get that password?
@hariprasathm9644 · 1 year ago
Same issue for me also
@muhannedambusaidi3502 · 1 year ago
@hariprasathm9644 I am having the same problem, have you fixed it?
@geraldjeffcoat392 · 11 months ago
The password is the same that displays after the installation. But if you miss it you'll have to run a command to make a new one. I'm sorry, I didn't write the command down.
@hariprasathm9644 · 1 year ago
When I tried to enable HTTPS for Kibana, it's asking "Enter password for CA (elastic-stack-ca.p12)". How am I going to get that password?