
mhatib/Mini-PpT-Infra

Mini-PpT-Infra

This repository sets up a mini production-like SIEM infrastructure using Vagrant and VirtualBox.

πŸ“ Project Structure

Mini-PpT-Infra/
β”‚
β”œβ”€β”€ run-vagrant.ps1                     # βœ… Main wrapper script to automate the full setup
β”œβ”€β”€ Vagrantfile                         # βš™οΈ Defines the two VMs: 'siem' (Linux) and 'host' (Windows)
β”‚
└── setup/
    β”œβ”€β”€ setup_scripts/
    β”‚   β”œβ”€β”€ prereqs.ps1                 # πŸ“¦ Installs dependencies: Chocolatey, Vagrant, VirtualBox, VC Redistributables
    β”‚   β”œβ”€β”€ downloads.ps1               # ⬇️ Downloads necessary setup files (e.g., Splunk, Sysmon, configs)
    β”‚   β”œβ”€β”€ system_tweaks.ps1           # πŸ› οΈ Applies performance tweaks: disables sleep, increases virtual memory
    β”‚   β”œβ”€β”€ siem_setup.sh              # πŸ”§ Configures Splunk Enterprise on SIEM VM
    β”‚   └── windows_host_setup.ps1     # πŸ–₯️ Sets up Windows host with Sysmon, Splunk Forwarder, and security configs
    β”‚
    └── setup_files/                    # πŸ“ Contains all supporting installation assets (.msi, .zip, .xml, etc.)
        β”œβ”€β”€ host/

✅ Prerequisites

  • Windows host system
  • PowerShell (run as Administrator)
  • Internet connection

🚀 Getting Started

  1. Clone the repository:

    git clone https://github.com/mhatib/Mini-PpT-Infra.git
    cd Mini-PpT-Infra
  2. Run the setup script as Administrator:

    .\run-vagrant.ps1

    This script:

    • Installs prerequisites (VirtualBox, Vagrant, Chocolatey, VC Redist)
    • Downloads all required setup files
    • Provisions and configures VMs (SIEM and Windows Host)
  3. Reboot when prompted: After the prerequisites step, you'll be prompted to reboot. Once rebooted, re-run the same script to continue.

💪 Vagrant Machines

  • SIEM (192.168.111.100)

    • Ubuntu (bionic64)
    • Splunk Enterprise + Sysmon Add-on
  • Host (192.168.111.151)

    • Windows 10 (via gusztavvargadr/windows-10)
    • Sysmon, Splunk Universal Forwarder, auditing policies, etc.

🔄 Notes

  • The script tracks progress via .setup_progress to prevent re-running completed steps.
  • If a VM fails to start (especially SIEM), delete the VM in the VirtualBox GUI and run vagrant up.
  • The Cursor installation requires manual intervention; you'll be prompted during setup.
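
A quick post-setup check that both machines are running and the SIEM answers on the lab network, as an added example (not one of the repository's scripts). It assumes it is run from the Mini-PpT-Infra folder, that 192.168.111.100 is reachable from the physical host, and that Splunk uses its conventional ports (8000 for Splunk Web, 9997 for forwarder traffic); adjust the ports to whatever siem_setup.sh actually configures.

```powershell
# Added example: verifies the lab described in this README after run-vagrant.ps1 completes.
# Machine names and the SIEM address come from the README; the ports are assumptions.
$SiemIp           = '192.168.111.100'
$ExpectedMachines = 'siem', 'host'
$SiemPorts        = @{ 8000 = 'Splunk Web'; 9997 = 'forwarder receiver' }   # assumed defaults

function Get-VagrantState {
    param([string[]]$Lines)
    # 'vagrant status --machine-readable' emits CSV lines: timestamp,target,type,data
    # A line of type 'state' carries the machine state (e.g. running, poweroff, not_created).
    $state = @{}
    foreach ($line in $Lines) {
        $fields = $line -split ','
        if ($fields.Count -ge 4 -and $fields[2] -eq 'state') {
            $state[$fields[1]] = $fields[3]
        }
    }
    return $state
}

$failed = $false

# 1. Both VMs defined in the Vagrantfile must report 'running'.
$states = Get-VagrantState -Lines (& vagrant status --machine-readable)
foreach ($name in $ExpectedMachines) {
    $s = if ($states.ContainsKey($name)) { $states[$name] } else { 'missing' }
    if ($s -ne 'running') { $failed = $true }
    '{0,-5} VM state: {1}' -f $name, $s
}

# 2. The SIEM must accept TCP connections on the ports the lab depends on.
foreach ($port in $SiemPorts.Keys) {
    $r = Test-NetConnection -ComputerName $SiemIp -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $failed = $true }
    '{0}:{1} ({2}) reachable: {3}' -f $SiemIp, $port, $SiemPorts[$port], $r.TcpTestSucceeded
}

if ($failed) {
    Write-Error 'Lab is not fully up. If a VM failed to start, see the Notes above.'
    exit 1
}
'Both VMs are running and the SIEM is reachable.'
```

A closed forwarder port with both VMs running usually means the Windows host is collecting Sysmon events that never reach Splunk, so check it before relying on the lab for detections.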

🔄 Re-running from Scratch

To clear the cached setup state and re-run the installation script from scratch, first run this command in an Administrator PowerShell session:

Remove-Item "$env:ProgramData\MiniPpT-Infra\setup-status.txt" -Force -ErrorAction SilentlyContinue

Then re-run the main script:

.\run-vagrant.ps1

📞 Support

For questions or issues, please open a GitHub issue or contact @mhatib.


Happy hunting! 🛡️

About

Refactored infra for Host + SIEM VMs using Vagrant
