Rapid7 InsightIDR HoneyPot on Hyper-V or Azure!

Rapid7 uses deception technology within their cloud SIEM solution to detect malicious activity within the network. This easy-to-set-up virtual appliance is available as an OVA file for the VMware platform.

A while ago I converted the virtual appliance to work on the Hyper-V platform, and today we made the move to the Azure cloud. If your organisation is using Rapid7 InsightIDR and you would like to have the honeypot for Azure or Hyper-V, please send me a message and I'm happy to share our work with you.

If you want to build this yourself, you can follow the guidelines below.

  • Download the virtual appliance from within the IDR platform;
  • Download VirtualBox and convert the VMDK disk to VHD;
  • Create a new Hyper-V machine with the new VHD disk;
  • Start the VM and follow the wizard.

If you want to run the honeypot on Hyper-V, you are done: use the on-screen activation code to activate the honeypot within InsightIDR. If you want to move the machine to Azure, there are a few more steps to take.

  • Configure the machine locally on Hyper-V, because you won't be able to connect to it remotely when it is running in Azure. Make sure you choose the right options for your Azure network in the initial setup;
  • After configuring, you might need to merge the AVHDX config file back into the VHD file;
  • Within a storage account create a container with blob sharing permissions;
  • Upload the configured VHD file;
  • Create a managed disk based on this VHD file;
  • Create a VM based on the VHD file (for sizing you can use Standard B1ms);
  • When the machine is running, check the boot diagnostics; you should see a screenshot with the honeypot activation token;
  • Configure the honeypot within InsightIDR, done!
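
Azure only accepts fixed-size VHD files whose virtual size is a whole number of MiB, so it is worth checking the converted and merged disk before the upload step above. The Python check below is an added example, not part of the original post or of Rapid7's tooling; the function names are hypothetical and the sample footer is constructed for the demo.

```python
import struct

FOOTER_SIZE = 512
MIB = 1024 * 1024
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def footer_checksum(footer):
    """One's complement of the byte sum, skipping the checksum field (64..67)."""
    total = sum(footer[:64]) + sum(footer[68:FOOTER_SIZE])
    return ~total & 0xFFFFFFFF


def build_footer(virtual_size, disk_type=2):
    """Constructed sample data: a minimal VHD footer, not a bootable disk."""
    footer = bytearray(FOOTER_SIZE)
    footer[0:8] = b"conectix"                          # VHD cookie
    struct.pack_into(">Q", footer, 40, virtual_size)   # original size
    struct.pack_into(">Q", footer, 48, virtual_size)   # current size
    struct.pack_into(">I", footer, 60, disk_type)      # 2 = fixed
    struct.pack_into(">I", footer, 64, footer_checksum(footer))
    return bytes(footer)


def check_vhd_footer(footer):
    """Return the problems that would stop Azure from accepting the disk."""
    if len(footer) != FOOTER_SIZE or footer[0:8] != b"conectix":
        return ["no VHD footer found (is this a VHDX or VMDK file?)"]
    problems = []
    if struct.unpack_from(">I", footer, 64)[0] != footer_checksum(footer):
        problems.append("footer checksum mismatch (truncated or corrupt file)")
    disk_type = struct.unpack_from(">I", footer, 60)[0]
    if disk_type != 2:
        name = DISK_TYPES.get(disk_type, f"type {disk_type}")
        problems.append(f"disk is {name}, Azure needs fixed")
    size = struct.unpack_from(">Q", footer, 48)[0]
    if size % MIB:
        problems.append(f"virtual size {size} is not a multiple of 1 MiB")
    return problems


def check_vhd_file(path):
    """Check the last 512 bytes (the footer) of a VHD file on disk."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)                     # jump to end to learn the file size
        if fh.tell() < FOOTER_SIZE:
            return ["file is smaller than a VHD footer"]
        fh.seek(-FOOTER_SIZE, 2)
        return check_vhd_footer(fh.read(FOOTER_SIZE))
```

An empty list from `check_vhd_file` means the disk passes these three checks; any message means the VHD should be converted or resized before uploading.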
