
PurpleSharp is not available inside the tools directory #31

Open
RahulIngenious opened this issue Feb 15, 2024 · 5 comments
@RahulIngenious

Hi @iknowjason ,

As per the lab (Microsoft Sentinel lab with AD, deployed with terraform. Adds logging best practices with Sysmon.) demonstration, the PurpleSharp tool is supposed to be available in the tools directory of the host. However, when I ran the query or checked it manually I couldn't find any. Could you please look into this?

Also, I would like to know, once this issue is resolved and after running this PurpleSharp adversary emulation tool, would I be able to see the alerts in Defender for Endpoint for the same?
PS: I have installed Defender for Endpoint on both hosts.


@iknowjason
Owner

Hi @RahulIngenious

Yes, I will look into this and help get it resolved for you. It might be that the PurpleSharp download link has changed. I will verify.

What do you mean by "as per the lab (Microsoft Sentinel lab with AD, deployed with terraform)"? You mean the generator Python script that creates this lab scenario? Or something outside of the PurpleCloud tool?

Jason

@RahulIngenious
Author

@iknowjason - Yes, the generator Python script that creates this lab scenario.

@iknowjason
Owner

iknowjason commented Feb 15, 2024

@RahulIngenious

I just tested on a new lab and PurpleSharp downloads. In your case it could have been any kind of issue, like a temporary networking issue. I'm attaching three images of what you can check on your end.

Why don't you just download PurpleSharp onto your system, since it apparently didn't download? The bootstrap script shows the command. I will copy and paste it here. Open up a PowerShell admin session and type this:

Invoke-WebRequest -Uri "https://github.com/mvelazc0/PurpleSharp/releases/download/v1.3/PurpleSharp_x64.exe" -OutFile "C:\tools\PurpleSharp.exe"

@iknowjason
Owner

Take a look at the user_data logfile and see what you see here. It should show something like this. It might give a clue as to why it didn't work for you.

This is what it looks like on my end, PurpleSharp automatically downloaded.


If it didn't download, just run that PowerShell command in the comment above and it will download.

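The manual re-download and check described in the two comments above, as an added example (this is not the PurpleCloud bootstrap script's own code): it reuses the release URL and the C:\tools path from the thread, wraps the download in error handling so a failed attempt reports why (DNS, proxy, TLS, or a moved release), and records the file hash. The expected-hash value is a placeholder to fill in from the release page; the function name Install-PurpleSharp is the example's own.

```powershell
# Added example: idempotent re-download of PurpleSharp into C:\tools from an
# admin PowerShell session, with error reporting and a hash check.

$Uri      = "https://github.com/mvelazc0/PurpleSharp/releases/download/v1.3/PurpleSharp_x64.exe"
$Dest     = "C:\tools\PurpleSharp.exe"
# Placeholder: replace with the SHA-256 published for the release you download.
$Expected = "<SHA256-OF-RELEASE-BINARY>"

function Install-PurpleSharp {
    param([string]$Uri, [string]$Dest, [string]$ExpectedSha256)

    $dir = Split-Path -Parent $Dest
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    if (Test-Path $Dest) {
        Write-Host "Already present: $Dest"
    } else {
        # Older Windows images default to TLS 1.0/1.1, which GitHub rejects.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        try {
            Invoke-WebRequest -Uri $Uri -OutFile $Dest -UseBasicParsing -ErrorAction Stop
            Write-Host "Downloaded to $Dest"
        } catch {
            # Surface the underlying reason instead of failing silently like a bootstrap can.
            Write-Error "Download failed: $($_.Exception.Message)"
            return $false
        }
    }

    # Record the hash so the binary can be checked against the release page.
    $actual = (Get-FileHash -Path $Dest -Algorithm SHA256).Hash
    Write-Host "SHA256: $actual"
    if ($ExpectedSha256 -and $ExpectedSha256 -notlike "<*>") {
        if ($actual -ne $ExpectedSha256.ToUpper()) {
            Write-Error "Hash mismatch: expected $ExpectedSha256"
            return $false
        }
    }
    return $true
}

Install-PurpleSharp -Uri $Uri -Dest $Dest -ExpectedSha256 $Expected
```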

@iknowjason
Owner

@RahulIngenious

After you run PurpleSharp it should be able to generate alerts. As for Windows Defender endpoint, I can't troubleshoot your system on that.

@iknowjason iknowjason self-assigned this Feb 17, 2024