Table of Contents
Below you'll find a table of contents for the Testing journey.
Mandiant Security Validation utilizes an isolated virtual environment called Protected Theater to allow you to safely test the efficacy of endpoint security controls against destructive behaviors. In this section, we will walk you through the process of deploying and utilizing the Protected Theater.
Prerequisites
- Administrative access to MSV Director.
Actions
Deploy Protected Theater
In this action, we will walk you through all of the decisions and steps necessary to deploy a Protected Theater.
Prerequisites
See the Relevant Links section for more documentation regarding the prerequisites.
- Administrative access to MSV Director.
- Administrative access to VMware vSphere.
- Static IP Address for the Protected Theater.
- An MSV license with Protected Theater as an included entitlement.
Steps
-
Confirm that the hardware meets specifications in linked documenation. | Docs
-
Confirm that nested virtualization is enabled for the Protected Theater VM. See linked VMware documentation for more information. | Docs
-
Review additional information in the linked documentation to ensure that all SSL certificates and protected artifacts and services have been configured properly. | Docs
-
Deploy the Protected Theater using OVA, see linked documentation. | Docs
-
Register the Protected Theater with the Director, see linked documentation. | Docs
-
Configure the customer Gold Image, see linked documentation. | Docs
-
Import the customer gold image into the Protected Theater, see linked documentation. | Docs
-
Review additional information for configuring user profiles and protected rule assignments. | Docs
-
Install the MSV software agent onto the Golden Image, and register the Protected Actor to the Director. Utilize the steps in the next section to upload the MSV installation files to the director, and access the director from the imported Golden Image to download the installation files.
Relevant Links
- All Steps: https://docs.mandiant.com/home/msv-pt-before-you-begin
- 1: https://docs.mandiant.com/home/msv-protected-theater--system-requirements
- 2: https://communities.vmware.com/t5/Nested-Virtualization-Documents/Running-Nested-VMs/ta-p/2781466
- 3: https://docs.mandiant.com/home/msv-pt-before-you-begin
- 4: https://docs.mandiant.com/home/msv-pt-adding-and-configuring-the-pt-virtual-environment
- 5: https://docs.mandiant.com/home/msv-pt-install-register
- 6: https://docs.mandiant.com/home/pt-configure-gold-image
- 7: https://docs.mandiant.com/home/pt-import-and-install-the-gold-image
- 8. https://docs.mandiant.com/home/msv-protected-theater-configurations
Utilize Protected Theater
Protected Theater is an extremely powerful tool to test the efficacy of your security controls. In this section, we will walk you through uploading files to the endpoint file library, connecting to the Protected Theater using VNC or Console, and finally, creating a Protected Theater Action.
Prerequisites
See the Relevant Links section for more documentation regarding the prerequisites.
- Administrative access to MSV Director.
- Deployed Protected Theater.
- Deployed Protected Actor with MSV Agent installed and connected to MSV Director.
Steps
-
In order to upload files to the Endpoint Files Library, you'll need to navigate to the Director and sign-in.
-
Select Library > Endpoint Files.
-
Click Add File and select the file you want to upload.
-
Add a description of the file.
-
Select the lowest User Group that should have access to the file.
-
Click Submit.
-
To connect to the Protected Theater over Console, you will need to navigate to the Director and sign-in. Then click Environment > Protected Theaters.
-
Click Edit next to the Protected Actor.
-
Click Launch Console.
-
Protected Theater Actions are a special type of Host CLI Action that includes destructive behaviors. Ensure that you've already added the file to the File Library, if your action will utilize a file.
-
Approve the file or have your Security Validation admin approve the file.
-
Create and save the Host CLI Action.
Relevant Links
Initial Baseline Testing
The action of baselining in reference to a security validation program and using a tool like Mandiant Security Validation (MSV), is the process of running a core set of tests to evaluate the effectiveness of the controls in your environment to provide a basis of data.
Prerequisites
- Administrative access to MSV Director.
- Deployment of MSV Director, Internal Network and Endpoint Actors, and a externally hosted network actor.
- Recommended: Configured integrations with your security technologies, (SIEM, EDR/AV, etc.)
Steps
-
- Review the following Blog on how to develop baseline testing for new security validation deployments. | Docs
Relevant Links
Congratulations!
Your Mandiant Security Validation Journey is complete!
Previous Step: Mandiant Security Validation: Step 4 - Security Content