Royal Caribbean International

Royal Caribbean Cruise Line partnered with Travelonly to offer you the best deals in cruises
Alaska
In the land of the midnight sun, you’ll need every extra minute of daylight if you want to experience it all. From the awe-inspiring blue ice of a massive glacial field to the expansive grandeur of its wildlife and nature, everything in Alaska is bigger. Including the adventures. For the ultimate Alaska vacation, look at our cruisetours – a combination of cruise vacation and land tour. We offer 21 cruisetours to Alaska. They range from 10 to 14 nights and, in most cases, you can choose to take the land tour portion either before or after your cruise.

Highlights

  • Take a scenic arctic adventure on White Pass & Yukon, the “Scenic Railway of the World.”
  • Hike through the glacial waterfalls and rain forests outside the picturesque capital of Alaska, Juneau.
  • See the spectacular Juneau Ice Field on a helicopter adventure.
  • Take a wildlife cruise onboard a high-speed catamaran.
  • Explore the famous Inside Passage of Ketchikan on a guided mountain-bike tour.
  • Race across a glacier in an exhilarating dogsled ride.

    Find your Alaskan Cruise

Australia & New Zealand
This is your official invitation to the home of the kangaroos, koalas and kiwis. Take one of our 12 and 14 night cruises to Australia, New Zealand and the islands. Ports of call include enchanting destinations like Sydney, Melbourne, Wellington, Christchurch, Tasmania, and more. If you’ve ever dreamed of an exotic cruise to the South Pacific, your dreams have just come true.

Highlights

  • Take a tour of one of Australia’s most famous architectural icons, the spectacular Sydney Opera House.
  • Look for shells and the occasional frolicking dolphin along the pristine coast of Melbourne.
  • Take a leisurely stroll through one of the beautifully maintained parks in Christchurch, aptly referred to as the Garden City.
  • Discover New Zealand’s art, culture and history in Wellington’s many museums.
  • Cuddle a koala and meet some of Australia’s other native animals, including kangaroos, kiwis and cockatoos, at Bonorong Wildlife Park.

    Find your Australian/New Zealand Cruise

Bermuda
Nearly 600 nautical miles off the coast of North Carolina, this island is known for its pastel painted houses, brilliantly colored gardens, cricket matches and charming shorts. Its pink-sand beaches, excellent shopping, and proximity to the U.S. make it an ideal destination for a getaway cruise vacation.

Highlights

  • Play a round of golf on one of six world-class golf courses.
  • Lounge on pink-sand beaches.
  • Shop for bargains and sample local cuisine in King’s Wharf.
  • Bike the Bermuda Railway Trail in Hamilton.
  • Kayak through the Paradise Lakes.
  • Troll for blue marlin on a deep-sea fishing adventure.

    Find your Bermuda Cruise

Caribbean
Nearly 600 nautical miles off the coast of North Carolina, this island is known for its pastel painted houses, brilliantly colored gardens, cricket matches and charming shorts. Its pink-sand beaches, excellent shopping, and proximity to the U.S. make it an ideal destination for a getaway cruise vacation.

Highlights

  • Climb Jamaica’s Dunn’s River Falls.
  • Go mountain biking in Costa Rica’s rain forests.
  • Snorkel with stingrays.
  • Go horseback riding on the beach.
  • Dive 800 feet below sea level in a research submarine.
  • Discover the inhabitants of a coral reef on a glass-bottomed boat.
  • Visit Labadee®, one of Royal Caribbean’s exclusive, private destinations.
  • Explore ancient civilizations as you climb mysterious Mayan pyramids.

    Find your Caribbean Cruise

Europe
Stand in awe before the works of Michelangelo in Italy or Gaudí’s distinctive architecture in Spain. Wonder at delicate masterpieces in Oslo’s Hadeland Glassworks. Witness the remains of ancient civilizations in Greece and Turkey. Tour Palace Square in St. Petersburg, Russia. From the fjords of Norway to the waterways of Venice to the ruins of the Mediterranean, explore the richness and beauty of Europe in a totally new way. You can also bring your adventure inland on a Europe Cruisetour – a unique combination of cruise vacation and land tour by luxury motorcoach or train. Venture from Madrid, Spain to Toledo and Barcelona; explore the famous Champs Élysées in Paris, France and the streets of London; cruise the peaceful Lake Como to the canals of Venice or visit Florence, the birthplace of the Renaissance, and the holy grounds of the Vatican City in Rome. If you’re ready for the vacation of a lifetime, you’ve found it. Start planning your adventure today.

Highlights

  • Stand atop the Rock of Gibraltar.
  • Follow the path of the Grand Prix circuit along the French Riviera.
  • Visit St. Patrick’s Cathedral, Ireland’s largest church.
  • Stroll through George’s Square in Glasgow.
  • Take a boat ride to the spectacular island of Capri.

    Find your Eastern European Cruise

    Find your Western European Cruise

Panama Canal
The Panama Canal isn’t just the quickest link between the Atlantic and the Pacific, it’s also the most beautiful. On our Panama Canal cruise vacations you’ll visit or sail through this amazing engineering achievement, watch the famous cliff divers in Acapulco, or even take an exciting raft trip through the jungles of Costa Rica.

Highlights

  • Swim with stingrays in George Town’s famous Stingray City.
  • Shake your maracas at the wacky Kukoo Kunuku bar-hop adventure.
  • Explore the wonder of one of engineering’s greatest marvels, the Panama Canal.
  • Float down the dreamy Tortuguero canals in Costa Rica.
  • Explore exciting Cheeseburger Reef in a semisubmersible.
  • Check out the “beautiful people” in Miami’s South Beach.

    Find your Panama Canal Cruise

South America
South America is a place of extremes. From the steamy beaches and rain forests of Brazil, to the snow-capped Andes mountains of Chile. From the passionate dances in the tango parlors of Buenos Aires, to the glittering golden churches that line the streets. What unites them all is a great love of beauty, and a passion for living.

Highlights

  • Take the tram to Sugarloaf and enjoy the spectacular views of Copacabana and Ipanema beaches in Rio.
  • Parasail over the beaches of Uruguay.
  • Sip caipirinhas at a beachside café in Brazil.
  • Learn to dance the tango in Buenos Aires.
  • Sail around the tip of South America at Cape Horn.
  • Get up close with penguins on the Falkland Islands.



    Find your South American Cruise

Asia
Cruise for a week to the sunny beaches and fun theme parks of the Bahamas and Florida or make it a quick 3- or 4-day getaway to the Bahamas. Whether you’re looking for a tropical adventure, a little romance or just a great time with the kids, we’ve got the perfect 3-, 4- and 7-day vacations. Add in Freestyle Cruising with our award-winning dining, entertainment, accommodations and tons of fun for everyone and you’ve got one perfect cruise.

Highlights

  • Check out the view from the world’s tallest building (1,671 ft.) in Taiwan.
  • Shop ’til you drop in one of Hong Kong’s bustling open-air markets.
  • Treat yourself to exotic curries and satays in a post-colonial Bangkok café.
  • Explore some of the world’s most beautiful temples in Cambodia.
  • Haggle over colorful batiks, silks and sarongs in Singapore’s famous Arab Street.

    Find your Asian Cruise

Bahamas
Close to the East Coast of the United States, the Bahamas are known as a refuge from the harsh winters of the north. But there’s more to this paradise than sugar-white beaches and warm sunshine. You can swim with dolphins and tropical fish in the turquoise waters. Or soar above the sea in a parasail. Then explore the islands’ thrilling history as a haven for pirates – a "Privateer’s Republic" was formed at one point with Blackbeard himself as the magistrate.

Highlights

  • Parasail over our private island, CocoCay.
  • Swim with dolphins in clear-blue water.
  • Follow the legendary footsteps of Blackbeard.
  • Soak up the sun on a white-sand beach.
  • See sharks, barracuda and other creatures of the sea at “Predator Lagoon.”
  • Experience the rush of the Thriller powerboat adventure.

    Find your Bahamas Cruise

Canada & New England
New England and eastern Canada have an unmistakable charm, history and natural beauty all their own, and there’s no better time to visit than the fall. The foliage is brilliant in every imaginable color, lighthouses dot the coastline, and there’s always an authentic lobster bake going on somewhere.

Highlights

  • Retrace American history on Boston’s famous three-mile Freedom Trail.
  • Mountain bike through the raw beauty of Acadia National Park.
  • Shop ’til you drop in Freeport, home of the world-famous L.L.Bean® and over 100 other shops.
  • Sail the coast of Nova Scotia in a 63-foot schooner.
  • Taste the true flavors of the Northeast at an authentic Lobster Bake with all the trimmings.
  • Discover Quebec’s breathtaking 272-foot Montmorency Falls.

    Find your Canada/New England Cruise

Dubai / Emirates
Visitors to our newest destination, Dubai and the Emirates, can’t help but marvel at its stunning beauty, rich history, and brilliant promise as one of the world’s fastest-growing luxury travel destinations. There’s plenty to explore, whether you’d rather dive among the coral reef in the azure waters of Sharm El Sheikh, Egypt, or dive right into Dubai’s sprawling Mall of Emirates, with over 200 shops and an indoor ski slope that you must see to believe. Or, if you’re looking for the true flavor of the region, you’ll find it in grand and ancient mosques, tranquil beachside resorts, or at one of the area’s many open-air souks buzzing with the authentic sights, sounds and tastes of the region.

Highlights

  • Explore Ras Mohammed, Egypt’s oldest nature preserve.
  • Sand ski down the dunes of Liwa Oasis or snowboard at the indoor ski dome.
  • Fly over the breath-taking Palm Islands, the three largest artificial islands in the world.
  • Dune drives in the desert.

Hawaii
Explore the islands, Maui’s waterfalls and winding back roads on a four-wheel adventure through Kauai. Discover lush rain forests and orchid-scented botanical gardens on Hawaii, and hike Oahu’s Diamond Head and Koko Head volcanoes. Come experience the wonders of Hawaii on an incredible cruise vacation.

Highlights

  • Snorkel with dolphins and sea turtles in the shadow of Lanai.
  • Hike across the lunar landscape of Hawaii’s lava fields.
  • Watch the acrobatics as Hawaii’s surfers defy death in Hawaii’s famed shore break.
  • Explore Hawaii’s shoreline on horseback.
  • Experience the true taste of treats from the Far East in Honolulu.

    Find your Hawaiian Cruise

Mexico
This paradise just south of the U.S. border offers a vibrant culture, world-class beaches, lush green rain forests, and vividly painted architecture that will dazzle your eyes. Whether your idea of adventure is exploring a colonial city or discovering the joys of a siesta on a white-sand beach, a Mexican cruise vacation is perfect for you.

Highlights

  • Encounter dazzling tropical fish and multicolored coral reefs while snorkeling in Cabo San Lucas.
  • Soak up the sun on Mazatlán’s beautiful beaches.
  • Learn the art of wine making in Ensenada.
  • Visit Catalina’s famous undersea garden, The Starlight.

Transatlantic
In a world where everything is harried and hurried, take a step back to a time when traveling was the adventure. Imagine the excitement of setting out to cruise across the ocean, and the horizon. And discover the adventure of exploring foreign ports and shores, while returning to the comfort of your stateroom every night. Come with us for an unforgettable transatlantic voyage.

Highlights

  • Stand atop the Rock of Gibraltar.
  • Explore the varied landscape of the Canary Islands.
  • Stroll through the charming squares of Europe.
  • Shop at the finest stores in Europe.
  • Follow the paths of ancient explorers and discover their homelands.


    Find your Transatlantic Cruise
Book a Royal Caribbean Cruise! Call 1-866-496-9862
Royal Caribbean – Cruise Ships
Oasis Class
Allure of the Seas℠ – The revolutionary design of Allure of the Seas will fill your days at sea with wonder: wake to two-story ocean views in our contemporary Loft Suites, hop onto a classic, full-sized carousel in our Boardwalk neighborhood, spend some quiet time in our adults-only Solarium, and let the kids’ imaginations run wild in our Youth Zone – the largest dedicated youth area at sea. Jump right into our Pool Zone, where you’ll find our H2O Zone, cantilevered whirlpools, FlowRiders® and a thrilling zip-line view of the ship and sea below. When it’s time to unwind, go for a stroll in Central Park – a meandering garden and lush public space lined with foliage and fine restaurants – or take in the majestic view from any of the multiple balconies overlooking the AquaTheater, the first amphitheater at sea. With 28 ultra-modern loft suites and 2,700 spacious staterooms, this 16-deck marvel proves that the impossible is possible.
Oasis of the Seas℠ – Experience our most innovative and imaginative ship yet, Oasis of the Seas℠ – where, for the first time ever, entertainment areas have become neighborhoods at sea. Find a revolutionary public space combining nature with nautical in our Central Park neighborhood, or old-world charm with a modern twist in the entertaining Boardwalk neighborhood. Visit the Pool and Sports Zone to explore an entire deck of pools, rock-climbing walls, basketball courts and more. And don’t forget the Youth Zone – where kids can be kids and parents can be worry-free. With a total of seven distinct onboard neighborhoods, everyone can discover a place for unique experiences. With 28 ultra-modern loft suites and 2,700 spacious staterooms, this 16-deck marvel proves that the impossible is possible.

Voyager Class
Adventure of the Seas® – We’ve taken cruising to a whole new level! Enjoy one-of-a-kind features like an ice-skating rink, the Royal Promenade and a rock-climbing wall just for starters. How did we accommodate all of these innovative ideas on one cruise ship? Simple. We built a bigger ship – the 138,000-ton, 3,114-guest Adventure of the Seas. Innovations on this and other Voyager-class cruise ships add up to more space for every guest and include enhanced staterooms, expanded dining options and exceptional recreational facilities.

Explorer of the Seas® – There’s never been a cruise ship like this. Enjoy one-of-a-kind features like an ice-skating rink, the Royal Promenade and a rock-climbing wall. There was only one way to accommodate all of these innovative ideas. We built a bigger cruise ship. The 138,000-ton, 3,114-guest Explorer of the Seas offers more space for every guest – plus enhanced staterooms, expanded dining options and exceptional recreational facilities.
Mariner of the Seas® – Guests will experience one of the most exciting cruise ships ever built. With a total length of 1,020 feet, a weight of 138,000 tons and a capacity to hold 3,114 passengers, Mariner of the Seas has something for everyone. Part of the Voyager class of cruise ships, which represents the highest public space-per-guest ratio in the cruise market, this spectacular ship was designed with enhanced staterooms, expanded dining options and state-of-the-art recreational facilities like a rock-climbing wall, ice-skating rink and basketball court.
Navigator of the Seas® – A cruise ship or a work of art? Once onboard, we think you’ll agree this cruise ship is a revolutionary masterpiece if ever there was one. Not only does it sail effortlessly through the waters of the Caribbean, it contains some of the cruise industry’s most amazing features – a rock-climbing wall, a basketball court, an ice-skating rink and an in-line skating track. Dare we say there’s more? What about a five-story theatre, a casino, a miniature golf course and a spectacular three-story dining room? This 138,000-ton nautical wonder has it all.
Voyager of the Seas® – This ship is a revolutionary marvel of naval engineering. Enjoy one-of-a-kind features like an ice-skating rink, the Royal Promenade and a rock-climbing wall, just for starters. How did we accommodate all of these innovative ideas? Simple. We built a bigger cruise ship. The 138,000-ton, 3,114-guest Voyager of the Seas became the world’s largest cruise ship when it entered service in November 1999. Innovations on this and other Voyager-class ships add up to more space for every guest, and include enhanced staterooms, expanded dining options and exceptional recreational facilities.

Sovereign Class
No matter what you’re in the mood for, there’s always something exciting happening onboard. From relaxing in our Day Spa and Fitness Center, to gambling in our casino, the Sovereign class of cruise ships has something for everyone. These cruise ships were the first megaships in the industry, setting the standard for cruising as we know it today.
Majesty of the Seas® – Thanks to a dazzling, top to bottom renovation, our popular Majesty of the Seas is more majestic than ever. Bahamas bound guests will enjoy a newly remodeled pool deck, expanded Day Spa & Fitness Center, plus tastefully refurbished staterooms, featuring luxurious bedding and eye-popping flat-screen TVs and more. And of course, there’s still the Bahamas powdery beaches and crystal clear water to look forward to.
Monarch of the Seas® – This remarkable 2,744-guest cruise ship sails year-round between Port Canaveral, the Bahamas and our private island CocoCay℠. You can pack your onboard schedule with complimentary Broadway-style shows, our signature rock-climbing wall, hotspots like Casino Royale and Boleros Latin Lounge and dining options from specialty Asian-fusion cuisine at Jade to a make-your-own pizzeria. Or, relax and focus on yourself with our day spa, fitness center, pools and whirlpools. Kids will love the time they spend onboard with our Adventure Ocean® Program and teen-only venues like Fuel. There are also plenty of ways to enhance your time off the ship with Shore & Land Excursions like scuba diving, shipwreck snorkeling and swimming with the dolphins.

Freedom Class
Freedom of the Seas℠ – Experience a masterpiece of naval engineering, featuring a rock-climbing wall with eleven routes and a central spire you can swing around; our FlowRider® surf park at sea; cantilevered whirlpools that extend 12 feet beyond the sides of the ship; the H2O Zone℠ waterpark, complete with interactive sculpture fountains, ground geysers and a cascading waterfall; and so much more! The ship features extensive WiFi capabilities and mobile phone connectivity, as well as flat-screen TVs in every stateroom. You’ve got to see this ship to believe it.

Independence of the Seas℠ – Meet Independence of the Seas, the third in our spectacular Freedom class of ships. Seasonally ported in Southampton, England for part of the year, and Fort Lauderdale, Florida the rest of the year, this ship offers all of the amazing onboard experiences you’d expect from our Freedom Class of ships, while cruising to your choice of destinations in Europe or the Caribbean.
Liberty of the Seas℠ – Say hello to one of the world’s biggest and most imaginative maritime marvels. This second addition to our Freedom class of ships comes fully loaded with an unlimited supply of onboard adventure. You’ll find a surf park, full-size boxing ring, H2O Zone℠ water park (complete with ground geysers) plus flat screen TVs in every stateroom – and that’s just the short list. Liberty also offers Royal Caribbean’s very own Vitality Wellness Program that will rejuvenate your body and soul with soothing spa treatments, healthy menus, personal trainers, tons of fitness options and more!

Radiance Class
Brilliance of the Seas® – Just another example of Royal Caribbean’s commitment to making your at sea vacation experience one you will never forget. More outside cabins, glass elevators facing the sea, nine-story glass-constructed Centrum, state-of-the-art technology and of course, our Gold Anchor Service® that is second to none, are just a few of the ways this cruise ship will make your journey special and unique.
Jewel of the Seas® – One of our newest cruise ships, Royal Caribbean offers the ultimate "at sea" experience by combining speed, added comfort, greater space, sweeping ocean vistas and an exceptional staff committed to serving your every whim. Among her spectacular features are the ten-story glass-constructed Centrum, glass elevators facing the sea, and the highest percentage of outside cabins in the Royal Caribbean fleet.
Radiance of the Seas® – The ultimate "at sea" experience by combining speed, added comfort, greater open spaces, sweeping ocean vistas and an exceptional cruise staff committed to serving your every whim. Among her spectacular features are the 10-story glass-constructed Centrum, glass elevators facing the sea, and the highest percentage of outside staterooms in the Royal Caribbean fleet.
Serenade of the Seas® – One of our newest cruise ships, offers the ultimate "at sea" experience by combining speed, added comfort, greater space, sweeping ocean vistas and an exceptional staff committed to serving your every whim. Among the ship’s spectacular features are the ten-story glass-constructed Centrum, glass elevators facing the sea and the highest percentage of outside cabins in the Royal Caribbean fleet.

Vision Class
Enchantment of the Seas® – After the ship version of an "extreme makeover" in early 2005, Enchantment of the Seas is fully refurbished and brimming with exciting new features. Bungee trampolines, suspension bridges and an expanded Pool Deck will please adventurous guests, and the interactive Splash Deck is a great spot for kids to get soaked. Enjoy Boleros, our new Latin-themed lounge; work up a sweat in the fitness facilities; and then cool down with a cone from Ben & Jerry’s. Enchantment of the Seas is more, well… enchanting, than ever!
Grandeur of the Seas® – A cruise ship so grand we had to call it Grandeur of the Seas. This majestic, 2,446-guest ship comes equipped with a full-service spa, six whirlpools, an outdoor jogging track and a seemingly endless choice of bars and restaurants.

Legend of the Seas® – Thousands of windows showcase the world’s most memorable coastlines and ports. Whether you’re cruising the Inside Passage or docked in Cozumel, you’ll never lose sight of the reason you came aboard. Filled with an endless supply of entertainment and relaxation options, Legend of the Seas boasts 70,000 tons of fun and adventure for up to 2,076 guests. With 9-hole miniature golf, four whirlpools and a Solarium with a sliding roof, there’s something for everyone onboard this cruise ship.
Rhapsody of the Seas® – With dramatic walls of glass and retractable canopy, this luxury cruise ship has already embarked on the course other cruise ships will someday follow. When you’re not enjoying the magnificent ocean views, you’ll be relaxing in the soothing Day Spa, swimming in one of the two pools, taking a much-needed whirlpool or catching up with friends over your favorite drink in one of our eight lounges.
Splendour of the Seas® – Thousands of windows showcase the world’s most memorable coastlines and ports. Whether you’re cruising the Inside Passage or docked in Cozumel, you’ll never lose sight of the reason you came aboard. This magnificent cruise ship has a seven-story lobby, an 18-hole miniature golf course and a stunning indoor/outdoor pool in a unique Solarium.
Vision of the Seas® – Thousands of windows showcase the world’s most memorable coastlines and ports. Whether you’re cruising the Inside Passage or docked in Cozumel, you’ll never lose sight of the reason you came aboard. The 2,435-guest Vision of the Seas has beautiful onboard amenities too. There’s the very soothing Day Spa, two pools, six whirlpools, and the Masquerade Theatre, which features nightly entertainment, like contemporary musical stage productions. And that’s just the beginning of your cruise vacation.
Book a Royal Caribbean Cruise! Call 1-866-496-9862
*Photos provided by RoyalCaribbean.com
Drainware - Jose Ramon Palanco


Drainware

22 January, 2020


Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo, Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was a very cool technology at that time. We used MongoDB, Redis and RabbitMQ, among other technologies. Most of the magic was inside the endpoint, written in C++.

This product can identify data leaks in buffers such as the clipboard and screenshots (OCR), and it monitors removable devices, network units, applications (minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive) and printers (OCR), among others.

It uses geolocation based on SSIDs, through Google location services, to track stolen devices or to know where a device was located when a data leak occurred.

It also comes with a basic sandbox that freezes applications abused by exploits by detecting suspicious traces in memory such as NOP sleds and heap sprays.
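
A minimal sketch of the kind of memory heuristic described above, added here as an illustration and not taken from the Drainware source: it flags a buffer that contains a long run of x86 NOP bytes or that is dominated by one repeated 32-bit word. The thresholds, function names and sample buffers are assumptions constructed for the example.

```cpp
// Added illustration, not Drainware code. Thresholds are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <unordered_map>
#include <vector>

using Buffer = std::vector<std::uint8_t>;

enum class Trace { None, NopSled, HeapSpray };

// Longest run of consecutive x86 single-byte NOPs (0x90).
std::size_t longest_nop_run(const Buffer& buf) {
    std::size_t best = 0, cur = 0;
    for (std::uint8_t b : buf) {
        cur = (b == 0x90) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

// Share of aligned 32-bit words taken by the most frequent non-zero word.
// Zero words are skipped so freshly allocated, zero-filled memory does not
// look like a spray.
double dominant_word_ratio(const Buffer& buf) {
    const std::size_t words = buf.size() / 4;
    if (words == 0) return 0.0;
    std::unordered_map<std::uint32_t, std::size_t> counts;
    std::size_t best = 0;
    for (std::size_t i = 0; i < words; ++i) {
        std::uint32_t w;
        std::memcpy(&w, buf.data() + i * 4, sizeof w);
        if (w == 0) continue;
        const std::size_t c = ++counts[w];
        if (c > best) best = c;
    }
    return static_cast<double>(best) / static_cast<double>(words);
}

struct Thresholds {
    std::size_t min_sled_bytes = 64;     // shorter NOP runs occur as padding
    std::size_t min_spray_bytes = 4096;  // ignore small uniform buffers
    double min_spray_ratio = 0.90;       // one word fills 90% of the buffer
};

Trace classify(const Buffer& buf, const Thresholds& t = Thresholds{}) {
    if (longest_nop_run(buf) >= t.min_sled_bytes) return Trace::NopSled;
    if (buf.size() >= t.min_spray_bytes &&
        dominant_word_ratio(buf) >= t.min_spray_ratio) return Trace::HeapSpray;
    return Trace::None;
}

// --- Constructed sample buffers (not captured from a real process) ---
Buffer varied_bytes(std::size_t n) {
    Buffer b(n);
    for (std::size_t i = 0; i < n; ++i)
        b[i] = static_cast<std::uint8_t>(i * 31 + 7);
    return b;
}

Buffer sample_with_sled() {
    Buffer b = varied_bytes(256);
    b.insert(b.end(), std::size_t{128}, std::uint8_t{0x90});
    const Buffer tail = varied_bytes(64);
    b.insert(b.end(), tail.begin(), tail.end());
    return b;
}

Buffer sample_spray() { return Buffer(std::size_t{8192}, std::uint8_t{0x0c}); }
Buffer sample_zero_page() { return Buffer(std::size_t{8192}, std::uint8_t{0x00}); }

const char* name(Trace t) {
    switch (t) {
        case Trace::NopSled:   return "nop-sled";
        case Trace::HeapSpray: return "heap-spray";
        default:               return "none";
    }
}

int main() {
    std::printf("varied data : %s\n", name(classify(varied_bytes(8192))));
    std::printf("with sled   : %s\n", name(classify(sample_with_sled())));
    std::printf("uniform fill: %s\n", name(classify(sample_spray())));
    std::printf("zero page   : %s\n", name(classify(sample_zero_page())));
    return 0;
}
```

Heuristics like these produce false positives on legitimate padding and uniform data, so the thresholds need tuning against the applications being monitored.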

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.
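
An added example (not Drainware's code, which runs such validators through its embedded PHP interpreter) of a regular-expression validator over a captured buffer such as clipboard text, written in C++ like the endpoint: candidates found by the pattern are confirmed with the Luhn checksum and reported masked. The pattern, function names and sample text are assumptions; the numbers in the sample are constructed test values.

```cpp
// Added illustration, not Drainware code. Pattern and names are assumptions.
#include <cstddef>
#include <cstdio>
#include <regex>
#include <string>
#include <vector>

// Luhn checksum over a string of ASCII digits.
bool luhn_valid(const std::string& digits) {
    if (digits.empty()) return false;
    int sum = 0;
    bool dbl = false;  // double every second digit, starting from the right
    for (auto it = digits.rbegin(); it != digits.rend(); ++it) {
        int d = *it - '0';
        if (dbl) {
            d *= 2;
            if (d > 9) d -= 9;
        }
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

// Keep only the last four digits so the DLP event does not itself store
// the value it is reporting.
std::string mask(const std::string& digits) {
    if (digits.size() <= 4) return digits;
    return std::string(digits.size() - 4, '*') + digits.substr(digits.size() - 4);
}

// Returns the masked form of every 13 to 19 digit sequence (optionally
// grouped with spaces or dashes) that passes the Luhn check.
std::vector<std::string> find_card_numbers(const std::string& text) {
    static const std::regex candidate(R"(\b(?:\d[ -]?){12,18}\d\b)");
    std::vector<std::string> hits;
    for (std::sregex_iterator it(text.begin(), text.end(), candidate), end;
         it != end; ++it) {
        std::string digits;
        for (char c : it->str())
            if (c >= '0' && c <= '9') digits += c;
        // The regex alone also matches order ids and typos; the checksum
        // removes most of those false positives.
        if (luhn_valid(digits)) hits.push_back(mask(digits));
    }
    return hits;
}

// Constructed clipboard content: one order id, one valid test number,
// one number with a wrong check digit.
const std::string kSampleClipboard =
    "Order 1234567890123456 shipped.\n"
    "Pay with 4111 1111 1111 1111 before Friday.\n"
    "Ref 4111-1111-1111-1112 was mistyped.\n";

int main() {
    for (const std::string& hit : find_card_numbers(kSampleClipboard))
        std::printf("possible card number: %s\n", hit.c_str());
    return 0;
}
```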

Promo video:

Now this project is open source!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIMER: Use the code at your own risk. This project has not been maintained for a long time, so most of its dependencies are obsolete and some of them are vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

Manual

Introduction

This manual can be read sequentially the first time or used as a reference guide. While reading, you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect information and/or the computers that contain it.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

OS             Architecture
Windows XP     x86
Windows 7/8    x86/x64
Windows 10     x86/x64

Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

  • Windows Search 4.0 for Windows XP (KB940157)
  • Wireless LAN API (KB918997)

Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2 GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up, go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

This shows a form where you must enter the requested information: registration data, company name, VAT ID, and the number of employees.

The e-mail will be associated with your account and cannot be changed in the future.

For the number of employees field, count only those who normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

Once the license has been validated, you are redirected to the sign-in page, where you must enter the e-mail and password you provided earlier.

Software endpoint installation

Once the license has been validated and you have signed in with your credentials, you can download the installer. To the right of the download link is the license number, a 16-digit code that you will need during the installation.

This installer will install the 32-bit or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers at the following URL:

http://update.drainware.com/

To install it from the command line, run the following, replacing XXXX-XXXX-XXXX-XXXX with your license number:

msiexec /i file.msi /quiet /norestart DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer you can use this logon script:

Name: drainware_logon.vbs

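' Returns "32-bit" or the OSArchitecture string (for example "64-bit") of the
' given computer. Use "." for the local computer.
Function GetWindowsArchitecture(strComputerName)
    Dim objWMI, colItems, objItem
    Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
    Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
    For Each objItem In colItems
        GetWindowsArchitecture = "32-bit"
        ' OSArchitecture only exists on Windows version 6.0 and later.
        ' Compare the major version as a number, not as text.
        If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
            GetWindowsArchitecture = objItem.OSArchitecture
        End If
    Next
End Function

' Returns the expanded %programfiles% folder.
Function GetProgramsFolder()
    Dim wshShell
    Set wshShell = WScript.CreateObject("WScript.Shell")
    GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
End Function

' True when the Drainware agent is already installed.
Function ExistDrainwareSecurityDir()
    Dim objFSO
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
End Function

' Copies the installer from the repository share to a local folder.
Function DownloadDSE(strRemoteDSE, strLocalDir)
    Dim objFSO
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
End Function

' Installs the endpoint silently if it is not installed yet.
Function InstallDSE(strLicense, strRepository)
    Dim wshShell, strRemoteDSE, strLocalDSE
    If Not ExistDrainwareSecurityDir() Then
        Set wshShell = WScript.CreateObject("WScript.Shell")
        Select Case GetWindowsArchitecture(".")
            Case "64-bit"
                Rem Msgbox "Installing Endpoint 64-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"
            Case "32-bit"
                Rem Msgbox "Installing Endpoint 32-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud32.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"
            Case Else
                ' OSArchitecture can be reported with other text (for example on
                ' localized systems); nothing is installed in that case.
                Exit Function
        End Select
        DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")
        Rem Msgbox "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense
        ' The path is quoted because %temp% may contain spaces;
        ' True makes the script wait until msiexec finishes.
        wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ ddi_lic=" & strLicense, 0, True
        Msgbox "Your computer will restart after a few seconds"
    End If
End Function

Dim strLicense
Dim strRepository

' Both arguments are required: LICENSE and LOCATION.
If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
    WScript.Quit 1
End If

strLicense = WScript.Arguments(0)
strRepository = WScript.Arguments(1)
InstallDSE strLicense, strRepository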

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both .msi files (for x86 and x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.


Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.


Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers the user in the system. From that moment, we can associate that user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

Field             Value
Type              LDAP
SSL               Depending on your configuration
Version           2.0
Host              IP or Computer Name
Port              389 or 636 if it’s SSL
DN                DOMAIN\user
Password          User Password
Base              DC=DOMAIN, DC=LOCAL
User Attr         sAMAccountName
Recursive Groups  Optional

We recommend always using LDAP with SSL and blocking any connection that does not come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!:

When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the groups section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.


For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.


Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.


In the first step we have to provide a name and a short description of the policy:


In the next step, we have to define the information that we want to protect.

We can see the following menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.


In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.


In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe is the group of users that triggered the policy).


We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from leaking.

In all cases, the employee that executes the policy will see a notification.


We only have to click the “Finalize” button and the policy will be created.


Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.


Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C), and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed.

Tip:

If we use a verification function in PHP, it receives the variable “$match”, which contains the match produced by the regular expression. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
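The tip above, as an added example that is not part of the original manual: a verification body that keeps a card-number rule from firing on arbitrary digit runs by applying the Luhn checksum to $match. Only $match and $return_val come from the manual; the $verify closure, the sample strings and the assumption that a match may contain spaces or dashes are illustrative.

```php
<?php
// Added example (not Drainware's own code): a rule verification body that
// accepts a regex match only when it is a plausible payment card number.
// Assumption: the platform runs the body with $match already set and reads
// $return_val afterwards. The closure only simulates that so the file also
// runs stand-alone: php luhn_rule.php

$verify = function ($match) {
    // ----- rule body: the part to paste into the verification field -----
    $return_val = FALSE;                       // deny unless every check passes

    // The rule's regex may capture separators ("4111 1111-1111 1111").
    $digits = preg_replace('/[ -]/', '', $match);

    // Card numbers are 13 to 19 digits; an all-zero run passes Luhn trivially,
    // so it is rejected explicitly.
    if (preg_match('/^[0-9]{13,19}$/', $digits) && trim($digits, '0') !== '') {
        $sum = 0;
        $double = FALSE;                       // the rightmost digit is not doubled
        for ($i = strlen($digits) - 1; $i >= 0; $i--) {
            $d = (int) $digits[$i];
            if ($double) {
                $d *= 2;
                if ($d > 9) {
                    $d -= 9;                   // same as adding the two digits
                }
            }
            $sum += $d;
            $double = !$double;
        }
        $return_val = ($sum % 10 === 0);       // TRUE accepts the match
    }
    // ----- end of rule body -----
    return $return_val;
};

// Constructed sample matches, as a loose digit-run regex might hand them over.
$samples = array(
    '4111 1111 1111 1111',   // widely published test card number
    '4111-1111-1111-1112',   // the same number with the last digit changed
    '1234 5678 9012 3456',   // digit run that only looks like a card
    '0000 0000 0000 0000',   // placeholder / padding value
    '2013 1119 1459',        // shorter than any card number
);

foreach ($samples as $sample) {
    printf("%-22s %s\n", $sample, $verify($sample) ? 'accept' : 'deny');
}
```

Denying by default means a malformed or unexpected match never turns into an accepted event by accident; the checksum then filters out order numbers, phone numbers and similar digit runs that a regular expression alone cannot tell apart from card numbers.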


Files

For very exceptional cases, a rule may not cover all our requirements and we may want to register a file instead. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename or even adding the current date to distinguish it from another file with the same name.

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software can identify all the files copied to a computer from a shared folder added in Drainware. Once a file is copied, Drainware will check that file and every copy of it throughout the computer’s file system, allowing you to work with it but preventing it from being leaked.

For Network URI, we have to input the shared folder location. We must also enter a short description and then select the policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after the shared folder was added will be monitored.

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplore.exe or skype.exe. As in the other sections, we have to enter a short description and select the policies to associate with it. It will be available in the new policies wizard.

Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section allows us to block access to encrypted information for particular groups. The behavior will be the same as for a file affected by a policy with the Block action.

The second section allows us to collect evidence every time an event occurs. This configuration is directly related to the action defined in the policy, where we can define a criticality level for each group. Here we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which evidence should be collected. If we select the low level, evidence is collected for the low, medium, and high levels. If we select the medium level, it is collected only for the medium and high levels. And if we select high, it is collected only for that level.

Important!:

The configuration of the evidence collector is only available for Premium users. Freemium users will receive the first 3 screenshots every month.

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel


In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module cannot block typing, because text can’t be analyzed until it has been written.

Notifications

Notifications can’t be configured in the DLP menu; they must be defined in the “General” section, but they are directly related to the DLP.

As long as we have a browser open and are logged in, notifications let us know in real time when an event occurs.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.


Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather a complement.

Previously, hackers took advantage of security problems in server software to gain access to the organization. In response, security suites were developed that provide firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who the person responsible for finance is and what contacts he has. From there they can mount a spear-phishing attack, which consists of sending e-mails that assume his identity with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

It’s possible that in the organization a person or a group of people is working with information to which they shouldn’t have access. This could be unintentional or deliberate. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.


The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search for very short or generic terms. The search can take too much time, or the results can be unmanageable.

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).


The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. Downloading a file with several MB in size can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.


The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.


DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.


The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot taken at the moment the event occurred.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.


If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.


Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:


DLP Stats

The events and detail of events information is interesting, but in many cases, it’s necessary to have a view at a higher level of what is happening with confidential information or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

In the same graph, it represents the average between severity, action, and the number of events. The policies with more events are located to the right, with the vertical axis representing the average of the actions carried out, where the block is the highest part. The average of the severity is shown in the size of the circle. In the top left combo box, you can select the period of time.


Groups by policy

In this graph we can see the groups that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Users by policy

In this graph, we can see the users that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Policy

With the policy graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Sandbox Events

We can see a graph with related events with attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph, we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find the report by a range of dates to download in Microsoft Excel format.


Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

If you are using SQUID, the configuration would be as follows:

acl drainware dstdomain .drainware.com
acl CONNECT method CONNECT
acl dwCONNECT dstdomain .drainware.com
http_access allow CONNECT dwCONNECT localnet
http_access allow drainware localnet


Author

Jose Palanco

VP Threat Intelligence at ElevenPaths