
Configuration Cuckoo

P4T12ICK edited this page Apr 30, 2018 · 3 revisions

Install Cuckoo and configure it as described on their website: http://docs.cuckoosandbox.org/en/latest/installation/

Make sure Cuckoo is configured as described in the Installation chapter, including the sections "Preparing the Host" and "Preparing the Guest". To start and stop Cuckoo as a service, supervisord needs to be installed. On Ubuntu it can be installed with the following command:

apt-get install supervisor

Additionally, further software is needed on the analysis VM. If Splunk is used as the SIEM solution in Ypsilon, a Splunk Universal Forwarder needs to be installed on the analysis VM. This is described under the following link: http://docs.splunk.com/Documentation/Forwarder/7.1.0/Forwarder/InstallaWindowsuniversalforwarderfromaninstaller

Depending on the use case you want to test, the appropriate logs need to be collected. The Splunk Universal Forwarder therefore needs an inputs.conf (which logs to collect) and an outputs.conf (where to forward them), described under the following links:

http://docs.splunk.com/Documentation/Splunk/7.0.3/Data/Configureyourinputs

https://docs.splunk.com/Documentation/Forwarder/7.0.1/Forwarder/Configureforwardingwithoutputs.conf

In some cases, additional software needs to be installed on the analysis VM to collect the logs. For example, Sysmon provides more detailed logs on a Windows machine. A tutorial on how to install and configure Sysmon on the analysis VM can be found under the following link: https://cqureacademy.com/blog/server-monitoring/sysmon
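As an added example (not part of this wiki page or the Ypsilon project), the two forwarder files discussed above for a Windows analysis VM: inputs.conf collects the Windows event log channels commonly used in detection use cases, including the Sysmon channel, and outputs.conf forwards them to the Splunk indexer. The index name, the indexer address and the selection of channels are assumptions; adjust them to your deployment.

```ini
# inputs.conf  (%SPLUNK_HOME%\etc\system\local\inputs.conf on the analysis VM)
# Each stanza is one Windows event log channel. renderXml keeps the full
# event, which matters for Sysmon and PowerShell fields that the classic
# text rendering drops. "ypsilon" is an assumed index name.

[WinEventLog://Security]
disabled = 0
index = ypsilon
renderXml = true
start_from = oldest
current_only = 0

[WinEventLog://System]
disabled = 0
index = ypsilon
renderXml = true

# Sysmon writes to its own channel; this stanza only works once Sysmon
# is installed on the VM as described in the tutorial linked above.
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
index = ypsilon
renderXml = true

# Script block and module logging land here when enabled via group policy.
[WinEventLog://Microsoft-Windows-PowerShell/Operational]
disabled = 0
index = ypsilon
renderXml = true

# outputs.conf  (%SPLUNK_HOME%\etc\system\local\outputs.conf on the analysis VM)
# The indexer address below is a placeholder; 9997 is the default
# receiving port, which has to be enabled on the indexer side.

[tcpout]
defaultGroup = ypsilon_indexers

[tcpout:ypsilon_indexers]
server = 192.0.2.10:9997
```

After editing both files, restart the forwarder service so the new stanzas are picked up, and confirm on the indexer that events arrive in the chosen index before running analyses, otherwise a sandbox run produces no telemetry for the SIEM to evaluate.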
