GitHub - RamboV/VMRaySentinel

VMRay Feed and VMRay Enrichment For Microsoft Sentinel

Latest Version: beta - Release Date:

Overview

Requirements

VMRay Configurations

  • In the VMRay Console, you must create a Connector API key. Create it by following the steps below:

    1. Create a user dedicated to this API key (so the key is not deleted when an employee leaves).
    2. Create a role that allows "View shared submission, analysis and sample" and "Submit sample, manage own jobs, reanalyse old analyses and regenerate analysis reports".
    3. Assign this role to the created user.
    4. Log in as this user and create an API key by opening Settings > Analysis > API Keys.
    5. Save the API key; it will be used when configuring the Azure Function.

Microsoft Sentinel

Creating Application for API Access

  • Click Add -> App registration.
  • Enter the name of the application, select the supported account types, and click Register.
  • In the application overview you can see the Application Name, Application ID and Tenant ID.
  • Secrets are needed for programmatic access. To create a secret:
    • Click the Manage -> Certificates & secrets tab
    • Click the Client secrets tab
    • Click the New client secret button
    • Enter a description and set an expiration date for the secret
  • Use the Secret Value to configure the connector.


Provide Permission To App Created Above

  • Go to Access Control (IAM) -> Add
  • Search for Microsoft Sentinel Contributor and click Next
  • Select User, group, or service principal and click Select members.
  • Search for the app name created above and click Select.
  • Click Next
  • Click Review + assign


Deploy VMRay Sentinel Feed App

  • Click the button below to deploy the VMRay Sentinel Feed app:

    Deploy to Azure

  • It will redirect to the feed configuration page.
  • Provide the values as described below.

    Field                               Description
    ----------------------------------  ----------------------------------------------------------------
    Subscription                        Select the appropriate Azure subscription
    Resource Group                      Select the appropriate resource group
    Region                              Auto-populated based on the resource group
    Function Name                       Provide a function name if you need to change the default value
    Vmray Base URL                      VMRay base URL
    Vmray API Key                       VMRay API key
    Azure Client ID                     Enter the Azure Client ID created in the app registration step
    Azure Client Secret                 Enter the Azure Client Secret created in the app registration step
    Azure Tenant ID                     Enter the Azure Tenant ID of the app registration
    Azure Workspace ID                  Enter the Azure Workspace ID
    App Insights Workspace Resource ID  Go to Log Analytics workspace -> Settings -> Properties, copy the Resource ID and paste it here

  • Once you have provided the above values, click the Review + create button.

Deployment of Function App Zip package

  • Download the zip package from the VMRayThreatIntelligence folder.
  • Open https://portal.azure.com/ and search for the Storage accounts service.
  • Open the storage account whose name starts with vmraystorage.
  • Go to Storage Browser -> Blob containers and click the container whose name starts with vmraycontainer.
  • Click Switch to Access key.
  • Upload the downloaded zip package to the container.


Deploy VMRay Enrichment App

  • Click the button below to deploy the app:

    Deploy to Azure

  • It will redirect to the configuration page.
  • Provide the values as described below.

    Field                               Description
    ----------------------------------  ----------------------------------------------------------------
    Subscription                        Select the appropriate Azure subscription
    Resource Group                      Select the appropriate resource group
    Region                              Auto-populated based on the resource group
    Function Name                       Provide a function name if you need to change the default value
    Vmray Base URL                      VMRay base URL
    Vmray API Key                       VMRay API key
    Resubmit                            If true, the file will be resubmitted to VMRay
    App Insights Workspace Resource ID  Go to Log Analytics workspace -> Settings -> Properties, copy the Resource ID and paste it here

  • Once you have provided the above values, click the Review + create button.
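As an added pre-deployment check (example code written for this page, not part of the RamboV/VMRaySentinel project), the following Python validates the parameters for both the Feed and the Enrichment deployment tables above before you click Review + create: it requires an https:// VMRay base URL, GUID-shaped IDs, a Log Analytics workspace Resource ID in the shape copied from Settings -> Properties, and flags the common mistake of pasting the client secret's Secret ID instead of its Value. The field names mirror the tables; the sample values are constructed placeholders, not real credentials.

```python
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
# Shape of the value copied from Log Analytics workspace -> Settings -> Properties -> Resource ID
WORKSPACE_RID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/[^/]+"
    r"/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$", re.IGNORECASE)

def check_params(p: dict, app: str) -> list:
    """Return the problems found in the parameters for app='feed' or app='enrichment'."""
    problems = []
    parsed = urlparse(p.get("Vmray Base URL", ""))
    if parsed.scheme != "https" or not parsed.netloc:
        problems.append("Vmray Base URL must be an https:// URL")
    if not p.get("Vmray API Key", "").strip():
        problems.append("Vmray API Key is empty")
    rid = WORKSPACE_RID_RE.match(p.get("App Insights Workspace Resource ID", ""))
    if not rid or not GUID_RE.match(rid.group("sub")):
        problems.append("App Insights Workspace Resource ID is not a Log Analytics workspace resource ID")
    if app == "feed":
        for field in ("Azure Client ID", "Azure Tenant ID", "Azure Workspace ID"):
            if not GUID_RE.match(p.get(field, "")):
                problems.append(f"{field} is not a GUID")
        secret = p.get("Azure Client Secret", "")
        if not secret.strip():
            problems.append("Azure Client Secret is empty")
        elif GUID_RE.match(secret):
            # The portal lists a Secret ID (a GUID) next to the Value; only the Value authenticates
            problems.append("Azure Client Secret looks like the Secret ID; use the secret Value")
    elif app == "enrichment":
        if p.get("Resubmit", "").lower() not in ("true", "false"):
            problems.append("Resubmit must be true or false")
    else:
        problems.append(f"unknown app {app!r}")
    return problems

# Constructed sample Feed parameters (placeholder GUIDs and key, not real credentials)
SAMPLE_FEED = {
    "Vmray Base URL": "https://cloud.vmray.example",
    "Vmray API Key": "PLACEHOLDER_API_KEY",
    "Azure Client ID": "11111111-2222-3333-4444-555555555555",
    "Azure Client Secret": "66666666-7777-8888-9999-000000000000",  # mistakenly pasted Secret ID
    "Azure Tenant ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "Azure Workspace ID": "12345678-1234-1234-1234-123456789abc",
    "App Insights Workspace Resource ID": "/subscriptions/11111111-2222-3333-4444-555555555555"
        "/resourceGroups/rg-sentinel/providers/Microsoft.OperationalInsights/workspaces/law-sentinel",
}
```

Run `check_params(SAMPLE_FEED, "feed")` to see the Secret ID mistake reported; an empty list means the values are ready to paste into the deployment form.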

Deploy VMRay Logic Apps

Deploy Submit-URL-VMRay-Analyzer

  • Click the button below

    Deploy to Azure

  • It will redirect to the configuration page
  • Click the Review + create button

Deploy VMRay-Sandbox_Outlook_Attachment

  • Click the button below

    Deploy to Azure

  • It will redirect to the configuration page
  • Click the Review + create button

Provide Permission to Logic app

  • Go to Access Control (IAM) -> Add
  • Search for Microsoft Sentinel Contributor and click Next
  • Select User, group, or service principal and click Select members.
  • Search for the Logic app name deployed above and click Select.
  • Click Next
  • Click Review + assign
