A few notes
This wiki page explains how to set up an MDR data collector VM in Hyper-V. The content is still under development.
Accessing the Hyper-V Server
- Use Team Viewer to access the Ubuntu VM in your test environment
- Click on the RDP Client icon in the taskbar.
- Double-click on the WinServer2016 entry
Creating and Downloading the VM
- Login to your Central account
- Create an integration selecting Hyper-V for the virtual platform*
- Download the image once it is ready
Installing the VM
- Extract the zip file into a new folder under the user's directory
- Navigate to the new folder, right-click on the ndr-sensor file, and select Run with PowerShell
- Use the same values for each question as shown in the last image below
Running the VM
- Open the Hyper-V Manager application; you should see the newly installed VM under Virtual Machines
- Click on the VM, then in the lower right pane, select Start and then Connect
Configuring Network Interface to be used
Example below:
Use the settings below:
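As an added example that is not part of this wiki page or of the sensor package, the Installing, Running and network-interface steps above can be driven from an elevated PowerShell session on the Hyper-V host using the built-in Hyper-V cmdlets, with a check that the sensor VM's adapter sits on the intended virtual switch before it is started. The zip name, VM name and switch name are placeholders (assumptions), and the .ps1 extension of the ndr-sensor file is assumed.

```powershell
# Added example (not from the wiki page or the sensor package): same steps as the
# GUI procedure, done with the Hyper-V PowerShell module. All names below are
# assumptions / placeholders except the ndr-sensor script name from the page.
param(
    [string]$ZipPath    = "$env:USERPROFILE\Downloads\hyperv-image.zip",  # placeholder zip name
    [string]$Folder     = "$env:USERPROFILE\mdr-sensor",                   # new folder under the user's directory
    [string]$VmName     = "ndr-sensor",        # assumed VM name; confirm with Get-VM after the script runs
    [string]$SwitchName = "External-Mirror"    # assumed external switch bound to the capture NIC
)

# 1. Extract the downloaded image into a new folder under the user's directory
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
Expand-Archive -Path $ZipPath -DestinationPath $Folder -Force

# 2. Run the package's installer script (interactive: answer its questions as the wiki shows)
Push-Location $Folder
& .\ndr-sensor.ps1
Pop-Location

# 3. Confirm the VM exists and that its first adapter is on the expected switch;
#    a sensor on the wrong switch starts fine but never sees the mirrored traffic.
$vm = Get-VM -Name $VmName -ErrorAction Stop
$adapter = @(Get-VMNetworkAdapter -VMName $VmName)[0]
if ($adapter.SwitchName -ne $SwitchName) {
    Write-Warning "Adapter is on '$($adapter.SwitchName)'; reconnecting it to '$SwitchName'"
    Connect-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName
}

# 4. Start the VM and open its console (the 'Start' and 'Connect' steps from Hyper-V Manager)
if ($vm.State -ne 'Running') { Start-VM -Name $VmName }
Get-VM -Name $VmName | Select-Object Name, State, Uptime
Get-VMNetworkAdapter -VMName $VmName | Select-Object Name, SwitchName, MacAddress
vmconnect.exe localhost $VmName
```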
TESTING - Send data for malware detections
In terminal run: pcaprunner -r 2022-02-25-Emotet-epoch5-with-Cobalt-Strike.pcap -d 10.0.253.5 -s