
VMRay Notes

Fred Damstra [afs macbook] 3 years ago
parent
commit
92da7739d7
1 changed files with 32 additions and 7 deletions

+ 32 - 7
VMRay Notes.md

@@ -29,8 +29,32 @@ documentation and downloads are at: https://portal.vmray.com/customer/login?
 
 ### Install Log
 
-Use the 'vmray' salt state to install and configure.
+Stand up via terraform.
+Apply the highstate, probably 2x to get 0 errors.
+Run 'pkg.upgrade'
+Run 'system.reboot'
 
+Login to web page with username and password: `admin@example.com` (same un and password)
+Add the license (license can be grabbed from https://portal.vmray.com/customer/login?) and restart.
+Navigate to user settings, update admin email address to xdr.eng@accenturefederal.com and update the password.
+Configure the system
+
+Under worker, click 'create worker'
+You'll have to provide the IP address, unfortunately.
+
+On the worker:
+```
+cd /opt/vmray
+sudo aws --region us-gov-east-1 s3 sync s3://afsxdr-binaries/iso iso
+sudo chown -R vmray:vmray iso
+sudo chmod 755 iso
+sudo find iso -type f -exec chmod 644 {} \;
+sudo find iso -type d -exec chmod 755 {} \;
+```
+
+Set up SSO
+
+Install a VM
 
 ### Installing a VM
 
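Review bot: The login step `Login to web page with username and password: admin@example.com (same un and password)` records a default credential in the runbook and then defers the password change until after the license is installed and the system is configured; move the admin e-mail and password change to immediately after first login, and replace the literal default with a pointer to where the initial credential is documented so it is not copied into later deployments. Two smaller points in the same hunk: `Apply the highstate, probably 2x to get 0 errors` documents a non-idempotent salt state rather than tracking it as a bug to fix, and `sudo chmod 755 iso` is redundant with the following `sudo find iso -type d -exec chmod 755 {} \;`.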
@@ -50,13 +74,14 @@ NOTE: No spaces in the name
 10. Defaults are probalby fine. You do not need to use a proxy to download.
 11. After initialization completes, select option 4, prepare vm for analysis, and then option 3, create VM Snapshot. (NOTE: The documents specify that the snapshot is _not_ what we'd think of as a snapshot (i.e. a point in time image), but is something else... and you probably only need one named 'def' for each VM.)
 
+# Troubleshooting
 
+## 2022-03-01: Had error in detection-update.log:
+```
+requests.exceptions.SSLError: HTTPSConnectionPool(host='download.vmray.com', port=443): Max retries exceeded with url: /repository/platform-updates/yara/4.4/index.json (Caused by SSLError('Fingerprints did not match. Expected "fcb64419c025ddf06042e2461d30171c17627edc9bfefed277789f501ffb3d52", got "b\'ea8f4b0b6a3519f10343195473d6cf0a63f652a7242fc768c502e091cd57e198\'".'))
+```
 
-
-
-
-
-
-
+Fix: 
+Support sent an updated replacement file “communication_lib.so”.
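Review bot: The `Fix:` entry does not say how the replacement `communication_lib.so` from support was verified before it was installed, or which path on the appliance it overwrote; a troubleshooting note that swaps a shared library on a system that talks to the update server should record the checksum the vendor supplied, the install path, and the service restart needed, so the next operator can distinguish the vendor file from an arbitrary one. It would also help to record the vendor's explanation of the error: the expected fingerprint is a plain hex string while the received value is a Python bytes repr (`b'...'`), which points to a comparison problem in the client rather than a changed server certificate, and that is the detail needed to recognise the issue if it recurs. Style: `# Troubleshooting` introduces a level-1 heading into a file whose other headings are `###`, and the curly quotes around “communication_lib.so” should be backticks to match the rest of the file.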