Forum Discussion
danb1967
Jun 27, 2022, Copper Contributor
Generating alerts in test lab
Hi All,
I have set myself up a Defender test lab. I have my DC connected to Defender for Identity and I have 2 user machines that are onboarded to Defender for Endpoint. I also have all the relevant integrations in place, with Azure Sentinel also configured.
I am looking to start generating alerts by using various tools on my machines to recreate the kind of activity that would require investigation.
Does anyone know of any resources/guides that can teach me how to begin to perform activities that would generate these alerts, like lateral movement and LDAP reconnaissance, etc.?
- dougsbaker, Brass Contributor
MSFT used to have some really good lab playbooks on this. It looks like they moved it off prod TechNet and it is only available on GitHub:
https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lab-overview.md
https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-reconnaissance.md
https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lateral-movement.md
Another option is to use the Built-in Simulation engine from MSFT.
https://security.microsoft.com/tutorials/simulations
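To put the "LDAP reconnaissance" part of the question into runnable form, here is an added example (not from the thread above, and not from the Microsoft playbooks it links to). It is a PowerShell script meant to be run from one of the onboarded workstations, as an ordinary domain user, against the DC that has the Defender for Identity sensor. It issues the LDAP and SAM-R queries an attacker uses to map a domain: sensitive group membership, accounts with SPNs (Kerberoast targets), a broad attribute pull over every user, trusts, domain controllers, and the classic `net user /domain` enumeration. The domain and group names are assumptions, and which Defender for Identity alert fires (and whether it fires at all on a brand-new sensor, since some reconnaissance detections have a learning period) depends on the sensor version and thresholds, so check the current alert catalog rather than the names in the comments.

```powershell
# Added example: noisy LDAP / SAM-R reconnaissance against a lab domain.
# Not part of the original thread or of the Microsoft playbooks.
# Run as a plain domain user from an MDE-onboarded, domain-joined workstation.
# Assumption: the DC answering LDAP is the one running the MDI sensor.

Add-Type -AssemblyName System.DirectoryServices

function Invoke-LdapQuery {
    # Generic paged LDAP search; returns the raw SearchResultCollection.
    param(
        [Parameter(Mandatory)] [string]   $Filter,
        [Parameter(Mandatory)] [string[]] $Properties,
        [Parameter(Mandatory)] [string]   $SearchBase   # distinguished name
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$SearchBase"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 1000          # paged results, so large domains return fully
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    return $searcher.FindAll()
}

# RootDSE gives us the naming contexts without hard-coding the domain DN.
$rootDse   = [ADSI]"LDAP://RootDSE"
$defaultNc = [string]$rootDse.defaultNamingContext

# 1. Security-principal reconnaissance: who sits in the high-value groups?
#    (Group names are the default built-in ones; adjust if your lab renamed them.)
$sensitiveGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins'
foreach ($g in $sensitiveGroups) {
    $hits = Invoke-LdapQuery -Filter "(&(objectClass=group)(cn=$g))" `
                             -Properties 'cn', 'member' -SearchBase $defaultNc
    foreach ($r in $hits) {
        Write-Host "[group] $($r.Properties['cn'][0]): $($r.Properties['member'].Count) member(s)"
    }
}

# 2. SPN discovery: user accounts with servicePrincipalName set are Kerberoast targets.
$spnAccounts = Invoke-LdapQuery `
    -Filter '(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*))' `
    -Properties 'sAMAccountName', 'servicePrincipalName' -SearchBase $defaultNc
Write-Host "[spn] $($spnAccounts.Count) user account(s) with SPNs"

# 3. Attribute reconnaissance: pull a wide attribute set for every user object.
#    This is the query shape MDI's LDAP attribute-reconnaissance detection looks for.
$allUsers = Invoke-LdapQuery `
    -Filter '(&(objectCategory=person)(objectClass=user))' `
    -Properties 'sAMAccountName', 'userAccountControl', 'lastLogonTimestamp', `
                'pwdLastSet', 'memberOf', 'description', 'adminCount' `
    -SearchBase $defaultNc
Write-Host "[users] $($allUsers.Count) user object(s) enumerated"

# 4. Infrastructure mapping: trusts and domain controllers.
#    userAccountControl bit 8192 (SERVER_TRUST_ACCOUNT) marks DC computer accounts.
$trusts = Invoke-LdapQuery -Filter '(objectClass=trustedDomain)' `
                           -Properties 'name', 'trustDirection' -SearchBase $defaultNc
$dcs    = Invoke-LdapQuery `
    -Filter '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))' `
    -Properties 'dNSHostName' -SearchBase $defaultNc
Write-Host "[infra] $($trusts.Count) trust(s), $($dcs.Count) domain controller(s)"

# 5. SAM-R account/group enumeration, the same thing LDAP gave us but over a
#    different protocol, so a different MDI detection family covers it.
net user /domain                      | Out-Null
net group "Domain Admins" /domain     | Out-Null

Write-Host 'Done. Check the Defender for Identity / Microsoft 365 Defender alert queue in a few minutes.'
```

Two practical notes: run it from the workstation, not on the DC itself, because MDI attributes the reconnaissance to the source host and you want it to line up with the MDE device record and the Sentinel incident; and run it more than once over a few minutes if nothing appears, since several of these detections key on volume and repetition rather than on a single query.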