danb1967
Copper Contributor
Jun 27, 2022
Generating alerts in test lab

Hi All,

I have set myself up a Defender test lab and I have my DC connected to Defender for Identity and I have 2 user machines that are onboarded to Defender for Endpoint. I also have all the relevant integrations in place with Azure Sentinel also configured.

I am looking to start generating alerts by using various tools on my machines to recreate the kind of activity that would require investigation.

Does anyone know of any resources/guides that can teach me how to begin to perform activities that would generate these alerts, like Lateral Movement and LDAP reconnaissance etc.?

1 Reply

  • dougsbaker
    Brass Contributor

    MSFT used to have some really good lab playbooks on this. It looks like they moved it off Prod TechNet and it is only available on GitHub.

    https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lab-overview.md
    https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-reconnaissance.md
    https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lateral-movement.md

    Another option is to use the Built-in Simulation engine from MSFT.
    https://security.microsoft.com/tutorials/simulations
