added threatmapper blog
sivolko committed Dec 18, 2023
1 parent fa7cf26 commit b9addaf
Showing 39 changed files with 749 additions and 330 deletions.
156 changes: 151 additions & 5 deletions _posts/2023-12-17-How-to-install-threatmapper-in-kali-linux.md
Expand Up @@ -3,14 +3,160 @@ layout: post
title: How to install ThreatMapper in Kali Linux?
subtitle: One of the best CNAPP
description: This is to install Open source CNAPP tool Threat Mapper in Kali Machine
image: https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7
optimized_image: https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7
image: https://assets-global.website-files.com/63eaa07bbe370228bab003ea/644292bf096fd43dfd6532d4_image2-p-800.png
optimized_image: https://assets-global.website-files.com/63eaa07bbe370228bab003ea/644292bf096fd43dfd6532d4_image2-p-800.png
author: Shubhendu Shubham
date: 2023-12-17 00:00:00 Z
category: security
tags:
- azure
- Microsoft Sentinel
- Cyber Security
- Threat Intelligence
---
---
Before starting, let's understand a few terms,what is CNAPP?
CNAPP aka cloud Native Application Protection Platform is all-in one cloud-native software platform that simplifies DevSecops practices.This term **CNAPP was orignally coined by Gartner in 2021** CNAPPs make it simpler to embed security into the application lifecycle while providing superior protection for cloud workloads and data. A few core features of CNAPP are:-

1. No Vendor Locking, with multi cloud support
2. TI(Threat Intelligence)integration
3. Shifted Left DevOps Security Management
4. Centralised Compliance and Permissions
5. Comprehensive cloud workload protection

Now let's understand briefly what is **ThreatMapper**?

ThreatMapper is an opensource CNAPP version of ThreatStryker, developed by [Deepfence](https://www.deepfence.io/threatmapper).It gives both agent and agentless based scanning options.

**Components**:-
ThreatMapper consists of 2 components:-
1. ThreatMapper Console : It integrates with Infrastructure API to scan & detect config errors, compliance posture with the help of data collected from sensors. It generated SBOMs to find vulnerabilities.
2. ThreatMapper Sensors: These sensors support different types of platforms like K8S, Docker, Bare Metal, AWS fargate.

Architecture :-

![Image source Deepfence!](https://community.deepfence.io/threatmapper/assets/images/threatmapper-components-5df1ba6044bd031a7f541358814bb9ed.jpg "Image source Deepfence")

**Installation**

For prerequisite please visit offical documentation by [Deepfence](https://community.deepfence.io/threatmapper/docs/console/requirements/)

In this blog I'm referring official (GitHub Repo](https://github.com/deepfence/ThreatMapper)

**Management Console Installation**
```
# Docker installation process for ThreatMapper Management Console
wget https://github.com/deepfence/ThreatMapper/raw/release-2.1/deployment-scripts/docker-compose.yml
```
Execute the following command to install and start the latest build of the Console
```
docker compose up -d
```
Now Let me run command **docker ps** to see all running images
![Image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702884578/hugs4bugs/Screenshot_2023-12-18_12_58_26_ow04dq.png "Docker Image")

Now Find my local IP using 'ifconfig' command in linux terminal and paste IP address in browser, default deepfence login/signup page will pop-up click on registration for first time user.

![Default](https://res.cloudinary.com/hugs4bugs/image/upload/v1702884832/hugs4bugs/login_mwfroo.jpg)

Registration page ![Image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702884913/hugs4bugs/reg_hbppbs.jpg)

**Dashboard**

Default dashboard will appear and we need to add connectors

![Connector](https://res.cloudinary.com/hugs4bugs/image/upload/v1702885100/hugs4bugs/dashboard_r7w2uj.jpg)

**Main Dashboard**

![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702886176/hugs4bugs/dass_opjiqk.jpg)

Now I'll connect my Azure cloud provider single subscription as data connector via Terraform.
so let's create a terraform basic file (yourfilename).tf

```
touch cloud-scanner.tf
```

Now paste the following command and replace it with your Azure subscription ID, ThreatMapper API, URL etc

```
provider "azurerm" {
features {}
subscription_id = "<SUBSCRIPTION_ID eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX>"
}
module "cloud-scanner_example_single-subscription" {
source = "deepfence/cloud-scanner/azure//examples/single-subscription"
version = "0.2.0"
mgmt-console-url = "<Console URL> eg. XXX.XXX.XX.XXX"
mgmt-console-port = "443"
deepfence-key = "<Deepfence-key> eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
name = "deepfence-cloud-scanner"
image = "quay.io/deepfenceio/cloud-scanner:2.0.1"
}
```
Then initalise terraform inside directory using command

```
terraform init
```

![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702886516/hugs4bugs/tff_ithxuc.png)

Then run command

```
terraform plan
```
![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702887309/hugs4bugs/tf_bjb2l8.png)

then run command

```
terraform apply
```
to remove scan and connection, run command 'terraform destroy'

## Linux Host

Now let's scan my own local machine which is runnig as Kali linux as bare metal Linux host.For this we have to install sensors. follow [official page](https://community.deepfence.io/threatmapper/docs/v2.0/sensors/docker/) for information

commands

```
docker run -dit \
--cpus=".2" \
--name=deepfence-agent \
--restart on-failure \
--pid=host \
--net=host \
--log-driver json-file \
--log-opt max-size=50m \
--privileged=true \
-v /sys/kernel/debug:/sys/kernel/debug:rw \
-v /var/log/fenced \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /:/fenced/mnt/host/:ro \
-e USER_DEFINED_TAGS="" \
-e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
-e MGMT_CONSOLE_PORT="443" \
-e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
deepfenceio/deepfence_agent_ce:2.0.1
```
After this there will be change in connected Devices --> visit Topology and Hosts

![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702888100/hugs4bugs/kali_baflg5.jpg)

Now there is no scans ![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702888251/hugs4bugs/noscan_duznsu.jpg)initiated,let's start quicks Vulnerability scan from top left **Action** button.

Here I'm doing only OS SCAN
![Scan](https://res.cloudinary.com/hugs4bugs/image/upload/v1702888469/hugs4bugs/sp_dewc0c.jpg)

Meanwhile we can check same from Vulnerability blade from right side.

![image](https://res.cloudinary.com/hugs4bugs/image/upload/v1702888658/hugs4bugs/vb_pawxws.jpg)

Remarks :-

Doing bare metal/Host OS Vulnerability scan, there might be spikes in Memory and CPU usages.

Thanks for reading blog, keep troubleshooting
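Review bot: the link on the line `In this blog I'm referring official (GitHub Repo](https://github.com/deepfence/ThreatMapper)` opens with `(` where Markdown needs `[`, so it will not render as a link; change it to `[GitHub Repo](https://github.com/deepfence/ThreatMapper)`. Three more points in this hunk: the front matter keeps the `azure` and `Microsoft Sentinel` tags from an unrelated post and is followed by a second `---`, which Jekyll renders as a stray horizontal rule at the top of the body; the console is fetched from `release-2.1` of the deployment scripts while the cloud scanner (`quay.io/deepfenceio/cloud-scanner:2.0.1`) and the agent (`deepfenceio/deepfence_agent_ce:2.0.1`) are pinned to 2.0.1 and the sensor docs link points at v2.0, so the console and sensor versions should be aligned to one release before readers copy the commands; and the `deepfence-key` value in `cloud-scanner.tf` is the API key that lets scanners register with the console, so a sentence telling readers to pass it through a Terraform variable or environment rather than hard-coding it in a file that may be committed would be worth adding. Typos to fix: 'orignally', 'offical', 'initalise', 'runnig'.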
18 changes: 9 additions & 9 deletions _site/2021-08-2-Understanding-basics-of-security/index.html
Expand Up @@ -340,29 +340,29 @@ <h2>See also</h2>


<li>
<a href="/college-to-cyber-security/">
<a href="/what-is-chat-gpt/">

<img src="https://images.unsplash.com/photo-1562813733-b31f71025d54?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=869&q=80">
<img src="https://images.pexels.com/photos/7108/notebook-computer-chill-relax.jpg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>College to Cyber Security Journey</h3>
<h3>What is chatGpt? How to use it?</h3>
</a>
</li>

<li>
<a href="/Progressive-web-app/">
<a href="/the-blue-team-protecting-you/">

<img src="https://images.unsplash.com/photo-1522071820081-009f0129c71c?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=870&q=80">
<img src="https://cdn.pixabay.com/photo/2017/11/19/23/56/hacking-2964100_960_720.jpg">

<h3>Progressive WebApp.</h3>
<h3>The Blue Team.☠️</h3>
</a>
</li>

<li>
<a href="/kali-linux-vs-parrot-linux/">
<a href="/How-to-install-threatmapper-in-kali-linux/">

<img src="https://cdn.pixabay.com/photo/2018/04/22/22/57/hacker-3342696_960_720.jpg">
<img src="https://assets-global.website-files.com/63eaa07bbe370228bab003ea/644292bf096fd43dfd6532d4_image2-p-800.png">

<h3>Kali Linux vs Parrot OS</h3>
<h3>How to install ThreatMapper in Kali Linux?</h3>
</a>
</li>

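Review bot: this hunk, like the other `_site/` hunks in the commit, edits Jekyll's generated output rather than any source; the "See also" list is recomputed on every build, so these files will churn in every commit and bury the real change in `_posts/`. Suggest building on deploy (GitHub Pages or CI) and adding `_site/` to `.gitignore` so only the post itself is reviewed.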
18 changes: 9 additions & 9 deletions _site/Automation-with-Jenkins-and-Github/index.html
Expand Up @@ -473,29 +473,29 @@ <h2>See also</h2>


<li>
<a href="/what-is-chat-gpt/">
<a href="/azure-networking-101/">

<img src="https://images.pexels.com/photos/7108/notebook-computer-chill-relax.jpg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://th.bing.com/th/id/Rb3e6202f5356edebd8c8205623eef0f1?rik=2tDqbcLpDFguLg&riu=http%3a%2f%2fwww.shadowandy.net%2fwp%2fwp-content%2fuploads%2fdocker.png&ehk=d2o4OLvE5SZOjrajjCgOCdzXQ9xmehUy6vTEhPPFi3c%3d&risl=&pid=ImgRaw">

<h3>What is chatGpt? How to use it?</h3>
<h3>Azure Networking 101</h3>
</a>
</li>

<li>
<a href="/cloud-native-CNAPP-tool-Microsoft-defender-for-cloud-101/">
<a href="/What-is-Microsoft-Defender-Threat-Intelligence(MDTI)/">

<img src="https://cdn-dynmedia-1.microsoft.com/is/image/microsoftcorp/MS%20Defender%20for%20Cloud%20R6?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1800&qlt=100&fmt=png-alpha&fit=constrain">
<img src="https://images.pexels.com/photos/10782398/pexels-photo-10782398.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Microsoft Defender for Cloud 101</h3>
<h3>What is Microsoft Defender Threat Intelligence</h3>
</a>
</li>

<li>
<a href="/Fundamentals-of-Network-security/">
<a href="/automation-with-firebase-and-ruby/">

<img src="https://images.unsplash.com/photo-1563986768609-322da13575f3?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=750&q=80">
<img src="https://images.pexels.com/photos/4506940/pexels-photo-4506940.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Fundamentals of Network Security.☠️</h3>
<h3>Automate Firebase hosting with Github Actions and Ruby.</h3>
</a>
</li>

18 changes: 9 additions & 9 deletions _site/Docker-101/index.html
Expand Up @@ -619,29 +619,29 @@ <h2>See also</h2>


<li>
<a href="/storing-and-managing-secrets-using-azure-vault/">
<a href="/Fundamentals-of-Network-security/">

<img src="https://images.unsplash.com/photo-1550439062-609e1531270e?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=800&q=80">
<img src="https://images.unsplash.com/photo-1563986768609-322da13575f3?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=750&q=80">

<h3>Managing and Storing Secrets:Azure Vault.🙆</h3>
<h3>Fundamentals of Network Security.☠️</h3>
</a>
</li>

<li>
<a href="/How-to-onboard-your-Microsoft-Sentinel-from-scratch/">
<a href="/blue-team-vs-red-team-in-cyber-security/">

<img src="https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7">
<img src="https://images.pexels.com/photos/1595385/pexels-photo-1595385.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>How to onboard your first Microsoft sentinel SIEM tool?</h3>
<h3>Blue Team vs Red Team</h3>
</a>
</li>

<li>
<a href="/waf-vs-firewall/">
<a href="/Progressive-web-app/">

<img src="https://images.pexels.com/photos/1714208/pexels-photo-1714208.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://images.unsplash.com/photo-1522071820081-009f0129c71c?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=870&q=80">

<h3>WAF vs Firewall</h3>
<h3>Progressive WebApp.</h3>
</a>
</li>

18 changes: 9 additions & 9 deletions _site/Fundamentals-of-Network-security/index.html
Expand Up @@ -479,29 +479,29 @@ <h2>See also</h2>


<li>
<a href="/Progressive-web-app/">
<a href="/Progressive-webapps-on-azure/">

<img src="https://images.unsplash.com/photo-1522071820081-009f0129c71c?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=870&q=80">
<img src="https://th.bing.com/th/id/R.49bd0ccbb9e904407116b65ce6a50d41?rik=1KXzdiLejsH2eA&riu=http%3a%2f%2fclipground.com%2fimages%2fcoder-clipart-1.jpg&ehk=xl5oxtd6bHoDW1%2f3HB007zg97209vFB75YXyIskHtPg%3d&risl=&pid=ImgRaw&r=0">

<h3>Progressive WebApp.</h3>
<h3>Building and Deploying PWA on Azure Cloud.</h3>
</a>
</li>

<li>
<a href="/cloud-native-CNAPP-tool-Microsoft-defender-for-cloud-101/">
<a href="/computer-networking-basics/">

<img src="https://cdn-dynmedia-1.microsoft.com/is/image/microsoftcorp/MS%20Defender%20for%20Cloud%20R6?resMode=sharp2&op_usm=1.5,0.65,15,0&wid=1800&qlt=100&fmt=png-alpha&fit=constrain">
<img src="https://res.cloudinary.com/hugs4bugs/image/upload/v1620918379/Networking/photo_2021-04-04_23-19-26_ylhetf.jpg">

<h3>Microsoft Defender for Cloud 101</h3>
<h3>Computer Networking 101</h3>
</a>
</li>

<li>
<a href="/bulid-and-deploy-MERN-stack-in-Azure-cosmos-DB/">
<a href="/How-to-onboard-your-Microsoft-Sentinel-from-scratch/">

<img src="https://images.unsplash.com/photo-1504384308090-c894fdcc538d?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1500&q=80">
<img src="https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7">

<h3>Anyone can build: node.js+ Cosmos DB in Azure </h3>
<h3>How to onboard your first Microsoft sentinel SIEM tool?</h3>
</a>
</li>

