Rapid7 InsightIDR HoneyPot on Hyper-V or Azure!

Rapid7 uses deception technology within their cloud SIEM solution to detect malicious activity within the network. This easy-to-set-up virtual appliance is available as an OVA file for the VMware platform.

A while ago I converted the virtual appliance to work on the Hyper-V platform and today we made the move to the Azure cloud. If your organisation is using Rapid7 InsightIDR and you would like to have the honeypot for Azure or Hyper-V, please send me a message and I'm happy to share our work with you.

If you want to build this yourself you can follow the guidelines below.

  • Download the virtual appliance from within the IDR platform;
  • Download VirtualBox and convert the VMDK disk to VHD;
  • Create a new Hyper-V machine with the new VHD disk;
  • Start the VM and follow the wizard.

If you want to run the honeypot on Hyper-V, you are done: use the on-screen activation code to activate the honeypot within InsightIDR. If you want to move the machine to Azure, there are a few more steps to take.

  • Configure the machine locally on Hyper-V, because you won't be able to connect to it remotely when it is running in Azure. Make sure you choose the right options for your Azure network in the initial setup;
  • After configuring, you might need to merge the AVHDX config file back into the VHD file;
  • Within a storage account create a container with blob sharing permissions;
  • Upload the configured VHD file;
  • Create a managed disk based on this VHD file;
  • Create a VM based on the VHD file; for sizing you can use Standard B1ms;
  • When the machine is running, check the boot diagnostics; you should see a screenshot with the honeypot activation token;
  • Configure the honeypot within InsightIDR, done!
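
A pre-upload check for the "Upload the configured VHD file" step, as an added example that is not part of the original post: it reads the 512-byte VHD footer and reports why Azure would refuse the disk. It assumes Azure's documented requirements for uploaded disks (VHD format, fixed size, virtual size aligned to 1 MiB), which the post does not mention; the function names are hypothetical and the sample footer is constructed.

```python
import struct
import sys

SECTOR, MIB = 512, 1024 * 1024
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def footer_checksum(footer: bytes) -> int:
    # One's complement of the sum of all footer bytes, checksum field (64..68) excluded.
    return ~(sum(footer[:64]) + sum(footer[68:])) & 0xFFFFFFFF

def vhd_problems(footer: bytes, file_size: int) -> list:
    """Return the reasons Azure would reject this VHD; an empty list means ready."""
    if len(footer) != SECTOR or footer[:8] != b"conectix":
        return ["no 'conectix' footer: not a VHD (VHDX/VMDK must be converted first)"]
    virtual_size, = struct.unpack(">Q", footer[48:56])   # "current size" field
    disk_type, stored = struct.unpack(">II", footer[60:68])
    problems = []
    if stored != footer_checksum(footer):
        problems.append("footer checksum mismatch: file is truncated or corrupt")
    if disk_type != 2:
        kind = DISK_TYPES.get(disk_type, f"type {disk_type}")
        problems.append(f"disk is {kind}, Azure needs a fixed-size VHD")
    elif file_size != virtual_size + SECTOR:
        problems.append("file length does not equal virtual size + 512-byte footer")
    if virtual_size % MIB:
        problems.append("virtual size is not a whole number of MiB")
    return problems

def check_file(path: str) -> list:
    with open(path, "rb") as f:
        size = f.seek(0, 2)              # file length
        f.seek(max(size - SECTOR, 0))    # the footer is the last sector
        return vhd_problems(f.read(SECTOR), size)

def sample_footer(virtual_size: int, disk_type: int) -> bytes:
    """Constructed footer for demonstration; only the checked fields are filled in."""
    raw = bytearray(SECTOR)
    raw[:8] = b"conectix"
    struct.pack_into(">Q", raw, 48, virtual_size)
    struct.pack_into(">I", raw, 60, disk_type)
    struct.pack_into(">I", raw, 64, footer_checksum(bytes(raw)))
    return bytes(raw)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]) or "ready for upload")
    else:  # no path given: show the findings for a constructed dynamic, unaligned disk
        print(vhd_problems(sample_footer(4 * MIB + 512, 3), 2 * MIB))
```

Run it with the path of the converted VHD before uploading; a dynamic or differencing result means the disk still has to be converted to fixed size (and any checkpoint merged) on the Hyper-V host.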


We make IT

Do you want an IT partner that thinks along with you and gets the best out of your IT environment?
Then Dutch Technology eXperts is the right place for you!

Call me for an appointment
