Installation process on VirtualBox

Hello, I'm a fresh graduate and I have an internship at a certain company, and my job is to download and install OPNids and try some experiments such as testing pcap files and how OPNids will respond and the DragonFly machine.

So I downloaded [OPNids-18.9-OpenSSL-dvd-amd64.iso.bz2] and used VirtualBox, but I'm kinda stuck: I cannot open the GUI, I don't know why, and I'm very much a beginner in this field. Can someone please give me detailed steps on how I can configure everything and be able to test the pcap files?

Here is where I'm stuck:

This is my task exactly:
In this task, we would like to download, install, and successfully run the following tool: https://www.opnids.io/ which is mainly a machine learning on top of IDS. Building such capability will add the machine learning taste to our platform, this is something we are very interested to add today.

Steps of the tasks can be found here

1- Download the tool
2- Install the tool
3- Run successfully the tool
4- Test the logs of the IDS if it works by using some sample data such as this one dns-remoteshell.pcap found at https://wiki.wireshark.org/SampleCaptures
5- Test the machine learning, provides us results via 2-5 slides presentation on the possible output we can have. This will include maybe explanation on the DragonFly Machine Learning Engine.
6- Test the visualization of results via its dashboard
7- Provide basic documentation based on your notes, commands, and experience.

Hello opnids99,

Looks like this is a fresh install of OPNIds and it looks like the first run after installation is complete.

To get to the GUI, you’ll need to do some configuration:

  1. Log in to the console using the default username/password (root/opnids)

After login:
2. Choose Option 2 (Set interface IP address)
3. Set the appropriate address type and IP (DHCP or Static) for MGT (pcn0) based on the networking setup of your VM.
4. Set the TAP as unconfigured (NO DHCP or IP)
5. After the configuration is saved and made effective, you should be able to access the GUI on the IP address configured on MGT.
6. Sometimes, for the new routing table to take effect, you’ll need to perform a reboot.

Please let us know if these steps help.

Thank you for your response,

I have tried to follow the steps but it did not work, and there was no IP appearing at all, even after the reboot.

I tried to do the same steps on VMware and it worked and I had access to the GUI, but I have some questions. Do I need an IP for MGT and also TAP? Because on VMware it set up only the TAP and I had access to the GUI; if I set both the TAP and MGT, the GUI does not respond.

And one more thing, if you have an idea on how I can test the logs of the IDS as I posted in the first reply?

Sorry for the stupid questions, but this is my first time trying to work with an IDS or a system; as you know, I'm a fresh graduate…

Here is where I reached:

Update: these are the logs I receive when I try to download the pcap file, if someone can explain them to me. And in the DragonFly machine I am not getting any logs regarding the pcap file; why is that?

These are the logs in Suricata:

Hi opnids99,

You need to have an IP on the MGT interface (that is the management interface). You do not need to have an IP on the TAP interface. In fact, it is preferred that you don’t have any configuration on the TAP interface.

Also, in order to download the Suricata rules, make sure your VM networking for the MGT interface allows internet access. The rules are downloaded after you select (enable) them and then click on download. Once you have all the rules you need, any traffic coming to the TAP interface will be subject to those rules.

MLE feeds off the eve.json (Suricata’s alerts log). You’ll need to set your VM’s TAP interface to promiscuous mode and start sending traffic to it.
Alternatively, you can browse malicious traffic on host and allow guest OPNIds access to that traffic on the promiscuous interface.

I know it is a little tricky. Most of this part we’ve tested on actual hardware. But we’ve done it on VM as well.

Let us know if these steps are helpful.

BR
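
An added example (not part of any post in this thread, and not OPNids or Suricata project code): since the reply above says the MLE feeds off Suricata's eve.json, this Python sketch summarises that file to show whether traffic on TAP produced events and alerts. The sample lines, the sid 1000001 rule name and the three status strings are constructed assumptions; pass the path of the real eve.json on your install as the first argument.

```python
import json
import sys
from collections import Counter

# Constructed sample eve.json lines (not from the thread). The last one is cut
# short, as can happen when reading a log Suricata is still writing.
SAMPLE_EVE = [
    '{"timestamp":"2019-01-10T10:00:00.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP"}',
    '{"timestamp":"2019-01-10T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature_id":1000001,"signature":"CONSTRUCTED sample rule","severity":2}}',
    '{"timestamp":"2019-01-10T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature_id":1000001,"signature":"CONSTRUCTED sample rule","severity":2}}',
    '{"timestamp":"2019-01-10T10:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    '{"timestamp":"2019-01-10T10:00:04.000000+0000","event_ty',
]

def summarize_eve(lines):
    """Count events per type and alerts per (sid, signature); skip bad lines."""
    events, alerts, skipped = Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            etype = rec.get("event_type", "unknown")
        except (ValueError, AttributeError):
            skipped += 1  # truncated, corrupt, or not a JSON object
            continue
        events[etype] += 1
        if etype == "alert":
            a = rec.get("alert") or {}
            alerts[(a.get("signature_id"), a.get("signature"))] += 1
    return {"events": events, "alerts": alerts, "skipped": skipped}

def diagnose(summary):
    """Heuristic status (an assumption of this example, not OPNids output)."""
    # Suricata writes periodic "stats" records even with no traffic, so ignore them.
    traffic = sum(n for t, n in summary["events"].items() if t != "stats")
    if traffic == 0:
        return "no-events: nothing reached Suricata; check TAP and promiscuous mode"
    if not summary["alerts"]:
        return "no-alerts: traffic seen but no rule matched; check rules are enabled and downloaded"
    return "alerts-present: eve.json has alert records for the MLE to read"

if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_EVE
    result = summarize_eve(src)
    print(dict(result["events"]), dict(result["alerts"]), "skipped:", result["skipped"])
    print(diagnose(result))
```
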

But when I configure the MGT interface it does not connect to the GUI, as shown below.

When I configured only TAP it works all fine and I have enabled and downloaded all the rules. I'm so confused.

Update: I was able now to run MGT alone on VMware, no TAP configured at all.
Am I ready to start testing after downloading and updating? Please check the interfaces in the picture and tell me if there is anything wrong.

And one last thing: can you give me detailed steps on how to test pcap files on Suricata and the DragonFly machine, please?

Hi,
I’m sorry we did not respond back. Are you able to have it up and running? If not, what is your current status? We’d be happy to help you to get it online and running.

\br