1: Lab Setup

We'll break this down into the two options for setting up the lab: Self-Hosted and the Managed Environment.

Self-Hosted

To complete the lab, you'll need the following:

  1. Visual Studio Code
  2. Infected Webroot Files
  3. A web browser pointed to https://siem.whisperwolf.net

We'll be using VSCode as our text editor of choice in this lab. You can use any editor you like, but the examples will be in VSCode.

If you download the files to your own Windows system, Windows Defender may alert on certain files (and spoil the lab). But don't worry; no actual malware is in the infected webroot! Once downloaded, unzip the file.

Managed Environment

Kasm Desktop

We're excited to provide a new (experimental) lab environment for this village: a whole desktop environment accessible directly from your browser.

To request access to the lab, drop a message saying "Lab Access Request" in the Village Slack channel. A TTI volunteer will DM you a link and credentials to access your desktop environment, which will be available for 2 hours. Please note that lab access slots are limited, so if there is high demand, there may be a wait.

Your desktop has VSCode already installed, and the necessary webroot files are on the Desktop.

When the desktop loads, be sure to allow access to the clipboard!

Now, let's learn how to access and use the SIEM.
