PurpleSharp is not available inside the tools directory #31
Comments
Yes, I will look into this and help get it resolved for you. It might be that the PurpleSharp download link has changed. I will verify. What do you mean by, Jason
@iknowjason - Yes, the generator python script that creates this lab scenario
I just tested on a new lab and PurpleSharp downloads. In your case it could have been any kind of issue like a temporary networking issue. I'm attaching three images of what you can check on your end. Why don't you just download PurpleSharp onto your system since it apparently didn't download? The bootstrap script shows the command. I will copy and paste it here. Open up a PowerShell admin session and type this:
After you run PurpleSharp it should be able to generate alerts. As for Windows Defender endpoint, I can't troubleshoot your system on that.
Hi @iknowjason,
As per the lab (Microsoft Sentinel lab with AD, deployed with Terraform. Adds logging best practices with Sysmon.) demonstration, the PurpleSharp tool is supposed to be available in the tools directory of the host. However, when I ran the query or checked it manually, I couldn't find it. Could you please look into this?
Also, I would like to know: once this issue is resolved, after running this PurpleSharp adversary emulation tool, would I be able to see the alerts in Defender for Endpoint for the same?
PS: I have installed Defender for Endpoint on both hosts.