SOLVED

How Do We Simulate the Alerts


Hi,

Installing the sensor on one DC, how do we simulate the attack in the production network without interruption?

TA

3 Replies

@Or Tsemah This is in a lab environment. I am just looking for some simple PowerShell or some scripts to run on production and monitor the behavior.

Best Response confirmed by aussupport (Contributor)

@aussupport This is exactly what this guide is for. For example, you can check out the commands in the reconnaissance playbook to trigger alerts.