cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Generating alerts in test lab

danb1967
Copper Contributor

‎Jun 27 2022 02:52 AM

‎Jun 27 2022 02:52 AM

Generating alerts in test lab

Hi All,

 

I have set myself up a Defender test lab and I have my DC connected to Defender for Identity and I have 2 user machines that are onboarded to Defender for Endpoint. I also have all the relevant integrations in place with Azure Sentinel also configured.

 

I am looking to start generating alerts by using various tools on my machines to recreate the kind of activity that would require investigation

 

Does anyone know of any resources/guides that can teach me how to begin to perform activities that would generate these alerts. Like Lateral Movement and LDAP reconnaissance etc? 

1,115 Views
0 Likes
1 Reply
Reply
1 Reply
dougsbaker

‎Jul 06 2022 07:47 AM

‎Jul 06 2022 07:47 AM

Re: Generating alerts in test lab


MSFT Used to have some really good lab playbooks on this. It looks like they moved it off Prod Tech net and is only avaialble in Git Hub

https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lab-overview.md
https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-reconnaissance.md
https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lateral-movement.md

Another option is to use the Built-in Simulation engine from MSFT.
https://security.microsoft.com/tutorials/simulations
0 Likes
Reply