(ENG) How to setup VECTR for Purple teaming (Adversary emulation) – DCG420


3.6.2022

Within Purple teaming it is very important to document every related activity, so that the Red team and Blue team campaigns can be monitored and evaluated, and above all so that the readiness of the processes, people and tools themselves can be measured. SRA's VECTR tool serves exactly this purpose. As you will see later, however, it is not only a passive tool that records the progress of your teams; it is also a gradually maturing automated test framework (still in its infancy).


Installation and setup of VECTR is simple and quick. Starting from a clean Ubuntu installation, you can have VECTR running in a few minutes.

Requirements:
1x Ubuntu server. Recommended configuration: 6 CPU and 16 GB RAM, but for testing you can get by with 2 CPU and 4 GB RAM.


Instructions:

If you have Ubuntu Server 20.04 or later installed, the only packages you need are Docker, Docker Compose and unzip, so the only command required is:

$ sudo apt-get install docker.io docker-compose unzip

Create a folder for VECTR and download the latest release from GitHub. /opt is owned by root, so these steps need sudo (as do the later ones):

$ sudo mkdir -p /opt/vectr

$ cd /opt/vectr

$ sudo wget https://github.com/SecurityRiskAdvisors/VECTR/releases/download/ce-8.3.2/sra-vectr-runtime-8.3.2-ce.zip -P /opt/vectr

$ sudo unzip sra-vectr-runtime-8.3.2-ce.zip

Of course, the version number will differ depending on when you read this, so check the latest available release at:

https://github.com/SecurityRiskAdvisors/VECTR/releases


Before running docker-compose you need to edit the .env file:

$ sudo nano .env

Modify the file according to your environment. Only one setting has to change for VECTR to work at all: the hostname (VECTR_HOSTNAME), which you can also set to the server's IP address. Use the name or address that browsers will actually use to reach the server. We recommend changing the remaining values as well, in particular any default passwords and keys, especially if you are moving VECTR to production.
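The following is an added example (it is not code from the original post and not part of VECTR) of doing that edit without leaving a default secret behind: it sets VECTR_HOSTNAME and replaces every value that still looks like a placeholder with a random token, while passing comments and ordering through untouched. VECTR_HOSTNAME is the only key taken from the post; the other key names in the constructed sample and the CHANGEME placeholder convention are assumptions, so compare them against the keys in your own .env.

```python
"""Added example (not from the original post or from VECTR): rewrite a VECTR
.env before the first 'docker-compose up' so that the hostname is set and no
placeholder secret survives into production."""
import re
import secrets

# Constructed sample in the shape of such a file. VECTR_HOSTNAME is the one
# setting the post names; the other key names and the CHANGEME placeholder
# convention are assumptions made for this example - check your own .env.
SAMPLE_ENV = """\
# VECTR runtime configuration (constructed sample)
VECTR_HOSTNAME=sravectr.internal
VECTR_PORT=8081
MONGO_INITDB_ROOT_PASSWORD=CHANGEMEFORPROD
VECTR_DATA_KEY=CHANGEMEFORPROD
"""

ASSIGN_RE = re.compile(r"^(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<value>.*)$")
PLACEHOLDER_RE = re.compile(r"CHANGEME", re.IGNORECASE)


def parse_env(text):
    """key -> value for every KEY=VALUE line; comments and blank lines are skipped."""
    env = {}
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            env[m["key"]] = m["value"]
    return env


def harden_env(text, hostname, secret_bytes=32):
    """Return (new_text, changed_keys).

    VECTR_HOSTNAME is set to `hostname`; every value that still contains a
    placeholder is replaced by a fresh random token. Lines that are not
    assignments pass through untouched, so comments and ordering survive.
    """
    changed, out = [], []
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if not m:
            out.append(line)
            continue
        key, value = m["key"], m["value"]
        if key == "VECTR_HOSTNAME":
            if value != hostname:
                changed.append(key)
            value = hostname
        elif PLACEHOLDER_RE.search(value):
            # token_urlsafe() yields base64url text: no quotes or '#' to upset an .env parser
            value = secrets.token_urlsafe(secret_bytes)
            changed.append(key)
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n", changed


def remaining_placeholders(text):
    """Keys whose value still looks like a placeholder; must be empty before you start VECTR."""
    return [k for k, v in parse_env(text).items() if PLACEHOLDER_RE.search(v)]


if __name__ == "__main__":
    import sys

    # usage: python3 harden_env.py /opt/vectr/.env 192.0.2.10   (no args: run on the sample)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    host = sys.argv[2] if len(sys.argv) > 2 else "192.0.2.10"  # documentation address, assumption
    original = open(path).read() if path else SAMPLE_ENV
    new_text, changed = harden_env(original, host)
    if path:
        with open(path, "w") as fh:
            fh.write(new_text)
    else:
        print(new_text)
    print("changed:", ", ".join(changed) or "nothing")
    print("still placeholder:", remaining_placeholders(new_text) or "none")
```

Run it as root against /opt/vectr/.env (the file is root-owned after the unzip) and keep the generated values somewhere safe; if remaining_placeholders() reports anything, the placeholder convention in your file differs from the one assumed here and those keys need editing by hand.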

Now you can safely run the compose command:

$ sudo docker-compose up -d

This command pulls all the required container images and starts them. You can then browse to the address you specified in the .env file.

Use the default credentials for the first login:

Username: admin

Password: 11_ThisIsTheFirstPassword_11

These credentials are public, so change the admin password immediately after the first login, before anyone else can reach the server.


After logging in, click through the wizard to learn the basic operations in VECTR. Once you have finished it, you will find that apart from a few sample entries VECTR is empty, so the obvious next step is to fill it with ATT&CK data.


Import of MITRE CTI

Nothing in VECTR is easier, and the procedure is therefore very simple:

1. Go to the MITRE CTI repository on GitHub (https://github.com/mitre/cti) and have a look at what it contains, or go straight to the Enterprise ATT&CK STIX bundle (enterprise-attack.json).
2. Download the Enterprise ATT&CK file.
3. In VECTR, go to Administration > Import Data > File Import.

4. Drag the downloaded file into the Drag & Drop your files or Browse section, or simply click on this area and select the downloaded file in the classic dialog.

5. Once the upload to VECTR is complete, click Submit to pull in all the information about threat groups, techniques, software, etc.

6. Select what you want to import into VECTR from the list that appears. If you import the entire file, all of its content will be available for you to test later.

7. After importing, you can start a new campaign by simply clicking on Assessment in the left menu and then on the large Create new button.

8. Give your campaign a name and, if you want, a detailed description. Select the MITRE organization so that the list of available campaign templates is limited to those from the ATT&CK import. Select your campaign and click Save.

9. Your assessment will appear in the overview; clicking on the campaign shows its details and the individual parts of the campaign. Congratulations, you can start your testing.
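Before choosing what to import in step 6, it helps to know what the bundle actually contains and which entries are no longer current. The following is an added example (not code from the original post and not part of VECTR) that reads an ATT&CK STIX 2 bundle in the format of enterprise-attack.json and lists, per threat group, the techniques it is documented to use, dropping revoked and deprecated objects so that a campaign is not built on retired technique IDs. The embedded bundle is a constructed, heavily trimmed stand-in for the real file: the STIX object UUIDs are made up, while the ATT&CK IDs and names are real entries.

```python
"""Added example (not from the original post or from VECTR): read an ATT&CK
STIX 2 bundle of the kind you import into VECTR and list, per threat group,
the techniques it is documented to use. Revoked and deprecated objects are
dropped so a campaign is not built on retired technique IDs."""
import json
import sys
from collections import defaultdict

# STIX object ids in the real file are random UUIDs; these are made up.
T1059 = "attack-pattern--00000000-0000-4000-8000-000000001059"
T1003 = "attack-pattern--00000000-0000-4000-8000-000000001003"
T1086 = "attack-pattern--00000000-0000-4000-8000-000000001086"
APT29 = "intrusion-set--00000000-0000-4000-8000-000000000016"
APT28 = "intrusion-set--00000000-0000-4000-8000-000000000007"


def _technique(sid, ext_id, name, tactic, revoked=False):
    return {"type": "attack-pattern", "id": sid, "name": name, "revoked": revoked,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": tactic}],
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}]}


def _group(sid, ext_id, name):
    return {"type": "intrusion-set", "id": sid, "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}]}


def _uses(n, src, dst):
    return {"type": "relationship", "id": f"relationship--00000000-0000-4000-8000-{n:012d}",
            "relationship_type": "uses", "source_ref": src, "target_ref": dst}


# Constructed, heavily trimmed bundle in the shape of enterprise-attack.json.
# The ATT&CK IDs and names are real; T1086 (PowerShell) really is revoked.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    _technique(T1059, "T1059", "Command and Scripting Interpreter", "execution"),
    _technique(T1003, "T1003", "OS Credential Dumping", "credential-access"),
    _technique(T1086, "T1086", "PowerShell", "execution", revoked=True),
    _group(APT29, "G0016", "APT29"),
    _group(APT28, "G0007", "APT28"),
    _uses(1, APT29, T1059), _uses(2, APT29, T1086),
    _uses(3, APT28, T1086), _uses(4, APT28, T1003),
]})


def load_bundle(text):
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or "objects" not in bundle:
        raise ValueError("not a STIX bundle")
    return bundle


def attack_id(obj):
    """The Txxxx / Gxxxx id from the object's mitre-attack external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def is_active(obj):
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def index_bundle(bundle):
    """(active objects by STIX id, active 'uses' relationships)."""
    by_id = {o["id"]: o for o in bundle["objects"]
             if o.get("type") != "relationship" and is_active(o)}
    uses = [o for o in bundle["objects"]
            if o.get("type") == "relationship" and o.get("relationship_type") == "uses" and is_active(o)]
    return by_id, uses


def techniques_by_group(bundle):
    """group name -> sorted ATT&CK technique ids the group uses (active objects only)."""
    by_id, uses = index_bundle(bundle)
    out = defaultdict(set)
    for rel in uses:
        src, dst = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if src is None or dst is None:
            continue  # one side is revoked, deprecated or absent: skip the edge
        if src["type"] == "intrusion-set" and dst["type"] == "attack-pattern":
            out[src["name"]].add(attack_id(dst))
    return {g: sorted(t) for g, t in out.items()}


def techniques_by_tactic(bundle):
    """tactic (kill-chain phase) -> sorted active technique ids."""
    by_id, _ = index_bundle(bundle)
    out = defaultdict(set)
    for obj in by_id.values():
        if obj["type"] != "attack-pattern":
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                out[phase["phase_name"]].add(attack_id(obj))
    return {t: sorted(v) for t, v in out.items()}


if __name__ == "__main__":
    # usage: python3 attack_bundle.py enterprise-attack.json   (no argument: use the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    bundle = load_bundle(text)
    for group, techniques in sorted(techniques_by_group(bundle).items()):
        print(f"{group}: {', '.join(techniques)}")
    for tactic, techniques in sorted(techniques_by_tactic(bundle).items()):
        print(f"[{tactic}] {len(techniques)} active technique(s)")
```

Run against the downloaded enterprise-attack.json the same functions give you the full group-to-technique map, which is a quick way to decide which groups or tactics are worth importing in step 6 and to check that a campaign template you pick in step 8 does not rest on a technique ID that ATT&CK has since revoked.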

If something doesn't work, contact us. Thanks.
