Harfanglab
Description
The Harfanglab EDR can be deployed within the simulation. Its agents communicate from both Linux and Windows machines to a pre-configured Hurukai SIEM.
Configuration
The Harfanglab EDR is configured to send its logs through a proxy to the Hurukai URL.
How to enable
You need to provide 4 different inputs:
- hurukai_host: IP address or hostname of the EDR Manager
- hurukai_key: Pairing key of the agent with its manager
- hurukai_sig: Public signature of the Hurukai
- hurukai_pass: Agent password
- api_token: API token to use. This token is not used within the lab's machines.
Usage
Once the lab is running, you can inspect the alerts by logging in to your hurukai_host URL.

On the dashboard, you can see different information, including:
- the number of active agents in the lab
- the alerts triggered with their severity level
- the number of potential malware

Security events can be associated with the MITRE ATT&CK Matrix to specify the techniques and tactics of each event.