|
|
@@ -5,6 +5,11 @@
|
|
|
Prod: https://vmray.pvt.xdr.accenturefederalcyber.com
|
|
|
Test: https://vmray.pvt.xdrtest.accenturefederalcyber.com
|
|
|
|
|
|
+iso's are stored in `/opt/vmray/iso/`. I downloaded 3:
|
|
|
+ * `Win10_21H1_English_x32.iso`
|
|
|
+ * `Win10_21H1_English_x64.iso`
|
|
|
+ * `Win11_English_x64.iso`
|
|
|
+
|
|
|
VPN Required. SAML signon enabled.
|
|
|
|
|
|
# Summary
|
|
|
@@ -25,3 +30,33 @@ documentation and downloads are at: https://portal.vmray.com/customer/login?
|
|
|
### Install Log
|
|
|
|
|
|
Use the 'vmray' salt state to install and configure.
|
|
|
+
|
|
|
+
|
|
|
+### Installing a VM
|
|
|
+
|
|
|
+** Recommendation: Run this in a screen or tmux session so that you can reconnect if the vpn disconnects you **
|
|
|
+
|
|
|
+1. log into the _worker_
|
|
|
+2. `cd /opt/vmray/bin/`
|
|
|
+3. `sudo -u vmray ./vm_setup.py`
|
|
|
+4. Option 2 - VM Operations
|
|
|
+5. Option 1 - Create a new VM
|
|
|
+NOTE: No spaces in the name
|
|
|
+... follow instructions. Most defaults are fine. See page 48 of the OnPrem installation guide for an example
|
|
|
+6. Option 3 - Guest OS Operations
|
|
|
+7. Option 1 - Install OS
|
|
|
+8. Wait for the message `VM started. You can now connect via VNC (port :0)`. You can monitor the installation by using a VNC viewer to connect. VNC Ports start at 5900, so :0 is port 5900, :1 would be 5901, and so forth.
|
|
|
+9. After it returns to the main menu, select option 4, prepare VM for analysis, then option 2.
|
|
|
+10. Defaults are probalby fine. You do not need to use a proxy to download.
|
|
|
+11. After initialization completes, select option 4, prepare vm for analysis, and then option 3, create VM Snapshot. (NOTE: The documents specify that the snapshot is _not_ what we'd think of as a snapshot (i.e. a point in time image), but is something else... and you probably only need one named 'def' for each VM.)
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
Fred Damstra [afs macbook]