Hi all. I'm keen to canvass the opinions of the community in relation to testing and what should be included in a set of test cases to support the release of MD-ATP. From a personal standpoint, my approach has focused on build validation, ensuring that the configuration of MD-ATP meets all design parameters and that all machine sensors are healthy. We also deep dive into endpoint performance and health, run threat simulations (and detections), permissions, and any deployment-specific integrations such as SentinelOne. General interface and machine audit tests are also executed.
I'm cognisant that as MD-ATP evolves, so should our test cases; however, I would like to baseline our 'core' approach and would value anyone's feedback, perhaps calling out the less obvious test cases or any retrospective views from previous MD-ATP deployments.
Thanks for reading and feel free to drop a comment below!