This post describes how to set up a test environment in a virtual machine (VM) that reports to the Cybereason console, and how to trigger test detections from it.
Setting Up Your Environment
There are multiple parts to setting up your test environment:
- You need access to a “Cybereason console”. This is the web dashboard where sensor telemetry, malware alerts and malops (Cybereason's term for a detected malicious operation) are displayed. An example would be the console located at: https://integration.cybereason.net:8443/
- You need a Windows Virtual Machine on which to simulate malware and malop events. It is important that you do not do this on your host computer: you will be deliberately placing suspicious files on the machine, and an endpoint enrolled in the Cybereason console may need to be cut off from the network entirely. That should happen to a disposable VM, not to your workstation.
- You need to install the “Cybereason sensor” in the Windows Virtual Machine. The sensor is the agent that monitors file and process activity on the VM, scans for malware, and reports what it sees to the console.
- You can then generate malware and malop alerts in the VM and see them show up in the console.
Note that access to the Cybereason console is provided by Cybereason and requires an account.
Setting up the Windows Virtual Machine
The table below details the steps to setting up your Virtual Machine for the Cybereason console.
Triggering a malop from the VM
To begin testing and trigger malops from your VM, follow the instructions below:
- Download a small installer file such as CCleaner or FileZilla. A legitimate, benign installer is all that is needed; this test relies on how the file is named, not on what it does.
- In Windows Explorer, make sure that all file extensions are shown (View tab, tick “File name extensions”); otherwise the rename in the next step will be hidden from you.
- Rename the file by inserting a second, misleading extension in front of the real one, the double-extension trick malware uses to pose as a document. For example, rename ccsetup565.exe to ccsetup565.pdf.exe.
- After 15 minutes or so, this should show up in your Cybereason console malop inbox. Be sure to sort by Last Activity time so the newest malops appear first.
Triggering a malware alert from the VM
To trigger a test malware event in your VM, follow these steps:
- From inside the VM, navigate to the EICAR site https://www.eicar.org/?page_id=3950
- There, download the eicar.com file.
- That's it. The downloaded file should be classified as malware and should show up in the Cybereason console malware alerts. If the file disappears from the Downloads folder almost immediately, that is the sensor quarantining it, which is exactly the event you are testing for.
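The two procedures above (the double-extension rename that should raise a malop, and the EICAR file that should raise a malware alert) can be scripted so they are repeatable on a fresh VM. The PowerShell below is an added example and is not code from the original post or from Cybereason; it is meant to be run inside the Windows VM after the sensor is installed. The installer path, the Downloads folder and the function names are assumptions, and the EICAR file is written locally from the published test string rather than downloaded, so the test still works once the VM's internet access has been cut off.

```powershell
# Added example (not from the original post): scripted version of the two
# test procedures, run inside the Windows VM that has the Cybereason sensor.
# Paths and file names below are assumptions; adjust them to your VM.

# 1. Show file extensions in Explorer (HideFileExt = 0), so a double
#    extension such as ".pdf.exe" is visible and the rename can be confirmed.
function Show-FileExtensions {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name 'HideFileExt' -Value 0 -Type DWord
    # Explorer reads this setting at start; restarting it applies the change
    # (Explorer relaunches itself automatically after being stopped).
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
}

# 2. Malop test: rename a benign installer so it carries a misleading
#    document extension in front of the real .exe, the double-extension
#    trick malware uses to pose as a PDF. Returns the new path.
function New-DoubleExtensionSample {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,   # e.g. ...\Downloads\ccsetup565.exe
        [string] $FakeExtension = '.pdf'
    )
    if (-not (Test-Path -LiteralPath $InstallerPath)) {
        throw "Installer not found: $InstallerPath"
    }
    $dir  = Split-Path -Parent $InstallerPath
    $base = [System.IO.Path]::GetFileNameWithoutExtension($InstallerPath)
    $ext  = [System.IO.Path]::GetExtension($InstallerPath)       # ".exe"
    $newName = $base + $FakeExtension + $ext                     # ccsetup565.pdf.exe
    Rename-Item -LiteralPath $InstallerPath -NewName $newName
    return (Join-Path $dir $newName)
}

# 3. Malware-alert test: write the EICAR test file locally instead of
#    downloading it, so the test works with the VM's internet cut off.
#    The standard 68-byte string is assembled from two halves at run time so
#    that this script is not itself quarantined the moment it is saved.
function New-EicarTestFile {
    param([string] $Path = (Join-Path $env:USERPROFILE 'Downloads\eicar.com'))
    # Single quotes: "$EICAR" and "$H" must not be expanded as variables.
    $part1 = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'
    $part2 = '-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $eicar = $part1 + $part2
    # EICAR must be plain ASCII with no BOM; WriteAllText adds no newline.
    [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    return $Path
}

# Usage inside the VM (assumed paths):
# Show-FileExtensions
# New-DoubleExtensionSample -InstallerPath "$env:USERPROFILE\Downloads\ccsetup565.exe"
# New-EicarTestFile
```

Run the script as the VM's normal user, not from your host. Writing the EICAR file is the trigger: the sensor's scanner may quarantine it within seconds of the write, which is the malware alert you then look for in the console. The renamed installer takes longer to surface, so allow the 15 minutes or so noted above and sort the malop inbox by Last Activity time.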
Metron has experience integrating Cybereason with multiple security platforms. If you are considering any custom solution, please send a note to firstname.lastname@example.org.