Activity 1: Login & Setup of the Cyber Environment
Okay Cyber Defenders! The first thing you need to do is set up the environment in which you will be hunting hackers. In order to do that, open the links below and follow the directions on first setting up Azure Data Explorer (ADX) and then logging into the Scoreboard session.
Setting Up Azure Data Explorer (ADX)
ADX is the primary tool used by some cyber defenders for data exploration and analysis. The great thing about ADX is that it is used by cyber analysts at many of the smallest and largest organizations in the world.
Let’s get you logged in and started with ADX:
- Go to Azure Data Explorer and log in with your Microsoft account
- If you don’t have a Microsoft account already, create one now (they are free to make)
- Click the Query tab on the left side of the screen.
Data in ADX is organized in a hierarchical structure consisting of clusters, databases, and tables. All of Envolve Labs’s security logs are stored in a single cluster. You’ll need to add this cluster to your ADX interface so you can start looking at the log data.
- Add a new cluster using the cluster URI provided by your instructor
  - Click add cluster
  - Enter Connection URI: mstictraining.eastus
- Select your database
  - Expand the dropdown arrow next to your cluster. You should then see one database, called SecurityLogs, inside it.
  - Expand the dropdown arrow next to the SecurityLogs database.
  - Click on the SecurityLogs database. Once you’ve done this, you should see the database highlighted. This means you’ve selected the database and are ready to query the tables inside.
The big blank space to the right of your cluster list is the query workspace. That’s where you will use KQL code to write what we call queries, which are used to interact with our log data.
- After going to the Scoreboard website, create a user account. Be sure to use a username and password you can remember, as it will then immediately ask you to log in.
- Click on the green button “Join a new game”
- Once you’re in, enter the session password: GAMEON
You should see the Scoreboard now. When you go to the challenges tab, you should see a list like the one in the image below. We’ll need this later in the training, so feel free to minimize the Scoreboard but keep it ready to use.