cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Threat Emulation VM Access

When i attended the CP Advanced Troubleshooting for Threat Prevention training i did learn a couple of details that at the time were not yet documented. The situation has changed, but still there is material missing from documentation.

As sometimes only one special VM seems not able to finish emulation, it may be valuable to have a look at the emulation process in the VM itself. This can easily be accomplished, as for debugging issues with Virtual Machines it is possible to connect via VNC to the machines while running. First we have to enable VNC access with:

# tecli d e e

You then can see the VNC port of the relevant machine in the synopsis view:

# tecli s e v s

And now you can connect to all (running) VMs  ! This is not something you would do on a regular basis, as mostly TE does not take long, but as a troubleshooting procedure it does coma very handy...

Tags (1)
1 Reply
Employee++
Employee++

Re: Threat Emulation VM Access

Be sure that the port number you connect to is 590x.

Where x is the number shown in tecli s e v s.

Also keep in mind to open relevant firewall ports in between.

So from the example above you would connect to the second running VM with TightVNC to:

192.168.200.10:5901

Be sure to use TightVNC.

Also remember that clicking/typing or doing any other action inside the VM will count as "behaviour". So you might alter the result by accidently clicking things 🙂

Regards Thomas