|
1 | 1 | # Detection Lab
|
2 | 2 |
|
| 3 | +--- |
| 4 | + |
3 | 5 | ## DetectionLab Intro
|
4 | 6 |
|
5 | 7 | _DetectionLab is a repository containing a variety of `Packer`, `Vagrant`, `Powershell`, `Ansible`, and `Terraform` scripts that allow you to automate the process of bringing an ActiveDirectory environment online complete with logging and security tooling using a variety of different platforms. **DetectionLab was built with defenders in mind**._
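Review bot: the `---` added at new line 3 sits between two blank lines, so it renders as a horizontal rule; keep the blank line above it, because a `---` placed directly beneath a text line is parsed as a setext H2 underline instead. While this intro is being touched, the unchanged line 7 spells `Powershell` and `ActiveDirectory`; the product names are `PowerShell` and `Active Directory`.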
|
@@ -29,6 +31,8 @@ Read more about DetectionLab on Medium [here](https://medium.com/@clong/introduc
|
29 | 31 |
|
30 | 32 | 
|
31 | 33 |
|
| 34 | +--- |
| 35 | + |
32 | 36 | ### Primary Lab Features
|
33 | 37 |
|
34 | 38 | > * **Microsoft Advanced Threat Analytics** is installed on the `WEF` machine, with the lightweight ATA gateway installed on the `DC`
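Review bot: this separator is placed before a `###` (level-3) heading, while the other separators in this change go before `##` headings, so the rule for where a `---` belongs is unclear; either add one above every `###` subsection or reserve it for `##` sections, and say which in the commit message.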
|
@@ -122,20 +126,19 @@ Read more about DetectionLab on Medium [here](https://medium.com/@clong/introduc
|
122 | 126 | > * Velociraptor server
|
123 | 127 | >
|
124 | 128 | > #### Splunk Indexes
|
125 |
| -
|
126 |
| -| Index Name | Description | |
127 |
| -| ------------------------------ | --------------------------------------------------------------------------------------------------------------------- | |
128 |
| -| evtx\_attack\_samples | Samples from [https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) | |
129 |
| -| osquery | osquery/Fleet result logs | |
130 |
| -| osquery-status | osquery/fleet INFO/WARN/ERROR logs | |
131 |
| -| powershell | Powershell transcription logs | |
132 |
| -| suricata | Suricata IDS logs | |
133 |
| -| sysmon | Logs from the Sysmon service | |
134 |
| -| threathunting | Used for the ThreatHunting app | |
135 |
| -| wineventlog | Windows Event Logs | |
136 |
| -| zeek | Zeek network traffic logs | |
137 |
| -| ### Installed Tools on Windows | | |
138 |
| - |
| 129 | +> |
| 130 | +> | Index Name | Description | |
| 131 | +> | ------------------------------ | ------------------------------------------------------------ | |
| 132 | +> | evtx_attack_samples | Samples from https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES | |
| 133 | +> | osquery | osquery/Fleet result logs | |
| 134 | +> | osquery-status | osquery/fleet INFO/WARN/ERROR logs | |
| 135 | +> | powershell | Powershell transcription logs | |
| 136 | +> | suricata | Suricata IDS logs | |
| 137 | +> | sysmon | Logs from the Sysmon service | |
| 138 | +> | threathunting | Used for the ThreatHunting app | |
| 139 | +> | wineventlog | Windows Event Logs | |
| 140 | +> | zeek | Zeek network traffic logs | |
| 141 | +> | ### Installed Tools on Windows | | |
139 | 142 | > * Sysmon
|
140 | 143 | > * Velociraptor Agent
|
141 | 144 | > * osquery
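Review bot: `| ### Installed Tools on Windows | | |` (new line 141) is still a table row, so the heading renders as a cell and the `> * Sysmon` list that follows is glued to the table rather than starting a new block. Suggest closing the table with a bare `>` line, then `> ### Installed Tools on Windows`, then another `>` before the bullet list. Moving the table inside the blockquote and dropping the `\_` escapes is fine; note that the bare URL in the `evtx_attack_samples` row relies on GitHub's autolinking, whereas the removed `[...](...)` form renders as a link in any Markdown viewer.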
|
@@ -298,6 +301,8 @@ Read more about DetectionLab on Medium [here](https://medium.com/@clong/introduc
|
298 | 301 | * Clone the DetectionLab repo into the dedicated folder
|
299 | 302 |
|
300 | 303 | ```powershell
|
| 304 | +cd X:\VIRTUALBOX # in my case |
| 305 | +
|
301 | 306 | git clone https://github.com/clong/DetectionLab.git
|
302 | 307 | ```
|
303 | 308 |
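Review bot: `cd X:\VIRTUALBOX # in my case` (new line 304) hard-codes the author's drive letter into a copy-paste block; a placeholder such as `cd <your-dedicated-lab-folder>` would tie it to the "dedicated folder" bullet above without pointing readers at a path that does not exist on their machine. The `#` comment is valid PowerShell, so the block still runs as written.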
|
@@ -461,6 +466,8 @@ vagrant destroy
|
461 | 466 |
|
462 | 467 | * 🔗 Check the [Usage official repo](https://detectionlab.network/usage/)
|
463 | 468 |
|
| 469 | +--- |
| 470 | + |
464 | 471 | ## DetectionLab Customization
|
465 | 472 |
|
466 | 473 | * 🔗 Check the [Customization official repo](https://detectionlab.network/customization/)
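Review bot: the `---` before `## DetectionLab Customization` matches the other section separators, and the blank line 468 above it keeps it from being read as a setext underline. On the context lines, the link labels `Usage official repo` and `Customization official repo` point at pages on detectionlab.network rather than a repository; `official docs` would describe the target accurately.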
|
|