Logo brandaris diap
Logo brandaris diap
<10 March 2025>
Rapid7 InsightIDR Honeypot in Hyper-V & Azure

Rapid7 offers the Honeypot as a .OVA file—an ideal format for VMware. But what if you’re using a different platform, such as Hyper-V or Azure? In that case, you’ll need a different file format: .VHD. In this guide, we’ll show you how to convert and configure the InsightIDR Honeypot for use on these platforms.

AUTOMATIC CONVERSION VIA SCRIPT

You can use the attached script to automatically download and convert the file to .VHD format. If you choose this option, proceed to “Step 4: Configure Virtual Machine in Hyper-V” after the script has run successfully.

MANUAL CONVERSION

Step 1: Download the Honeypot OVA

To use the honeypot, you must first download it from your InsightIDR account.

  1. Log in to your Rapid7 InsightIDR account.
  2. Navigate to Data Collection > Honeypots.
  3. Click Download Honeypot.
  4. Save the .OVA file to your system.

Step 2: Extract OVA file

An OVA file is a compressed container that includes several virtual machine files. Use 7-Zip to extract the downloaded .OVA file. This will result in the following files:

  • eu-central-1-final-latest.OVF – VM configuration file.
  • eu-central-1-final-latest.VMDK – Virtual hard disk.
  • eu-central-1-final-latest.mf – Manifest file.

We only use the .VMDK file. (The file names may differ depending on the region your InsightIDR tenant is in.)

Step 3: Convert VMDK to VHD with VirtualBox

Hyper-V and Azure do not support the VMDK format. This means you’ll need to convert the file to VHD—a format supported by both platforms. Use VirtualBox and the VBoxManage.exe tool to convert the .VMDK file to .VHD.

  1. Navigate to the default VirtualBox installation:
    cd C:\Program Files\Oracle\VirtualBox"
  2. Execute the command below (change the path to the location of your .VMDK):
    ".\VBoxManage clonemedium disk "C:\temp\eu-central-1-final-latest-disk1.vmdk" "C:\temp\honeypot.vhd" --format VHD"

Once completed, you’ll have a .VHD file that’s suitable for use with Hyper-V.

STEP 4: CONFIGURE VIRTUAL MACHINE IN HYPER-V

After the conversion, you can create a new virtual machine in Hyper-V and configure the honeypot.

  1. Open Hyper-V Manager.
  2. Click on Create New Virtual Machine.
  3. Go through the interface and configure the VM settings:
    • Name: Free to choose.
    • Generation: Generation 1.
    • Operating System: Ubuntu 64-bit.
    • CPU: 2 cores.
    • RAM: 2048 MB.
    • Network Adapter: Legacy Network Adapter.
    • Storage Controller: SCSI Controller.
    • Hard Disk: Use an existing Virtual Hard Disk → choose the .VHD here.
  4. Start the VM and go through the configuration in the console session.
  5. Ignore the first pairing code that appears after configuration. Press Enter twice to bring the honeypot into active mode.
  6. Reboot the VM.

Step 5: Connect Honeypot

After booting the VM, the Honeypot will generate a pairing code. In Hyper-V, use this code to connect the Honeypot directly to InsightIDR.

  • Hyper-V only: Use the pairing code displayed in the command line after booting to complete the connection. This marks the end of the instructions for Hyper-V.
  • Azure only: Shut down the VM before proceeding to the next step.

Step 6: Convert VHD to Fixed Size in Hyper-V Manager

Before you can use the honeypot in Azure, you need to convert the VHD file to a Fixed Size VHD.

  1. In Hyper-V Manager, go to the Actions panel on the right and click Edit Disk.
  2. Click Next in the wizard that appears.
  3. Click Browse and select the honeypot VHD.
  4. Click Next and choose the Convert action.
  5. Select VHD as the format and click Next.
  6. Choose Fixed size and click Next.
  7. Select a location to store the converted VHD and click Finish.
  8. Wait for the conversion process to complete.

Step 7: Upload VHD to Azure Storage Blob

The converted VHD needs to be uploaded to Azure Blob Storage so it can be used as a Managed Disk later.

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to Storage accounts.
  3. Click Create to create a new storage account.
  4. Fill in the following settings:
    • Name: Free to choose.
    • Region: Choose the same region as the honeypot.
    • Primary Service: Azure Blob Storage.
    • Performance: Standard.
    • Redundancy: Locally-Redundant Storage (LRS).
    • Click Review + Create.
  5. Review the settings and click Create.

Step 8: Create Container in Azure Blob Storage

  1. Open Storage Browser in the Azure Portal.
  2. Go to your Storage Account and click Blob Containers.
  3. Click Create Container, give it a name (e.g. “vhds”), and set access to Private.
  4. Upload the Fixed Size VHD via the GUI. (or use Azure Storage Explorer)

Step 9: Create Managed Disk in Azure

  1. Open the Azure Portal.
  2. Go to Disks and click Create Disk.
  3. Fill in the following settings:
    • Resource Group: Choose the existing group.
    • Region: Choose the same as the VM.
    • OS Type: Linux.
    • Source Type: Storage blob.
    • Source Blob URL: Select the uploaded VHD.
    • Size: Choose an appropriate size.
  4. Click Review + Create.

Step 10: Create and configure Azure VM

  1. Go to Virtual Machines and click Create > Azure Virtual Machine.
  2. Configure the VM settings.
  3. Once the VM is created, power it off immediately.
  4. Go to Settings > Disk and choose Swap OS Disk.
  5. Replace the OS disk with the created Managed Disk.
  6. Reboot the VM.

Your InsightIDR Honeypot is now running successfully on Hyper-V or Azure!