Introduction to Detection Engineering: Ep.5 - Custom Alerting
Struggling to get the token for this one.
Got the Python script working (I think?) - it's generating alerts into Elastic, without replaying duplicates. But I get the select LatMov events - then wait and wait - before eventually getting:

@timestamp: <actual timestamp here>
alert_message: Not all instances of lateral movement detected. Please restart the lab to try again.
_id: 7qvVgpMBEQ2Wr4UXppEV
_index: custom_alert_index
_score: -
Sometimes I don't even get that, just a handful of events then the Lab expires.
Is there any more detailed guidance on this lab? Feels like the guidance was written at 4:59pm on Friday, if you know what I mean.
Also a bit confused, the guidance says play around with the sleep() function, as it describes the "WAIT_TIME_MINUTES" - fairly sure it's actually seconds? Unless IL have written their own custom 'time' module?
Nvm, I couldn't let this one go. Ended up trying it a couple more times, and just left the lab running in the bg - umpteenth time's a charm, token generated.
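The two mechanics the post touches on, alerting once per event without replaying duplicates and the minutes-versus-seconds mix-up around sleep(), as an added Python example that is not the lab's own script. It assumes events carry an Elastic-style "_id" field and uses an in-memory list in place of the custom_alert_index so it runs offline.

```python
import time
from datetime import datetime, timezone

# The lab's constant is named in minutes but time.sleep() takes seconds, so
# convert explicitly; passing WAIT_TIME_MINUTES straight in waits 60x too little.
WAIT_TIME_MINUTES = 1
WAIT_TIME_SECONDS = WAIT_TIME_MINUTES * 60

# Constructed sample documents (not real lab data); the repeated "_id" stands
# in for an event replayed by a later poll.
SAMPLE_EVENTS = [
    {"_id": "evt-001", "event_type": "LatMov", "host": "ws01", "user": "alice"},
    {"_id": "evt-002", "event_type": "LatMov", "host": "ws02", "user": "alice"},
    {"_id": "evt-001", "event_type": "LatMov", "host": "ws01", "user": "alice"},
    {"_id": "evt-003", "event_type": "Logon", "host": "ws02", "user": "bob"},
]


def build_alert(event: dict) -> dict:
    """Shape one alert document for the custom alert index."""
    return {
        "@timestamp": datetime.now(timezone.utc).isoformat(),
        "alert_message": f"Lateral movement: {event['user']} on {event['host']}",
        "source_event_id": event["_id"],
    }


def process_events(events: list, seen_ids: set, alert_index: list) -> int:
    """Alert once per new LatMov event; seen_ids persists across polls so a
    replayed _id is skipped. Returns the number of alerts written."""
    written = 0
    for event in events:
        if event.get("event_type") != "LatMov" or event["_id"] in seen_ids:
            continue
        seen_ids.add(event["_id"])
        alert_index.append(build_alert(event))  # stands in for an Elastic index
        written += 1
    return written


def poll_loop(fetch, polls: int, sleep=time.sleep) -> list:
    """fetch() -> alert -> wait, `polls` times; returns the alert documents."""
    seen_ids, alert_index = set(), []
    for _ in range(polls):
        process_events(fetch(), seen_ids, alert_index)
        sleep(WAIT_TIME_SECONDS)  # seconds derived from the minutes constant
    return alert_index


if __name__ == "__main__":
    # Two polls over the same batch: the second poll must add no alerts.
    alerts = poll_loop(lambda: SAMPLE_EVENTS, polls=2, sleep=lambda s: None)
    print(f"{len(alerts)} alerts written")
```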