SOLVED

How We Simulating the Alerts

%3CLINGO-SUB%20id%3D%22lingo-sub-1609865%22%20slang%3D%22en-US%22%3EHow%20We%20Simulating%20the%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1609865%22%20slang%3D%22en-US%22%3E%3CP%3EHI%2C%3C%2FP%3E%3CP%3E%26nbsp%3BInstalling%20the%20Sensor%20on%20One%20DC%20and%20how%20do%20we%20simulate%20the%20attack%20in%20the%20production%20network%20without%20interruption%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETA%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1609865%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1618767%22%20slang%3D%22en-US%22%3ERe%3A%20How%20We%20Simulating%20the%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1618767%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F644958%22%20target%3D%22_blank%22%3E%40aussupport%3C%2FA%3E%26nbsp%3BYou%20can%20start%20with%20the%20Security%20alert%20lab%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fatp-playbook-lab-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fatp-playbook-lab-overview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1621231%22%20slang%3D%22en-US%22%3ERe%3A%20How%20We%20Simulating%20the%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1621231%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F215466%22%20target%3D%22_blank%22%3E%40Or%20Tsemah%3C%2FA%3E%26nbsp%3B%20This%20is%20in%20Lab%20Environment.%20i%20just%20looking%20some%20simple%20Powershell%20or%20some%20scripts%20to%20run%20on%20production%20and%20monitor%20the%20behavior.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1621267%22%20slang%3D%22en-US%22%3ERe%3A%20How%20We%20Simulating%20the%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1621267%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F644958%22%20target%3D%22_blank%22%3E%40aussupport%3C%2FA%3E%26nbsp%3BThis%20is%20exactly%20what%20this%20guide%20is%20for%2C%20for%20example%2C%20you%20can%20check%20out%20the%20commands%20in%20the%20reconnaissance%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fatp-playbook-reconnaissance%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Eplaybook%3C%2FA%3E%20to%20trigger%20alerts.%3C%2FP%3E%3C%2FLINGO-BODY%3E

Highlighted

HI,

Installing the Sensor on One DC and how do we simulate the attack in the production network without interruption?

3 Replies

Highlighted

@aussupport You can start with the Security alert lab at https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-playbook-lab-overview

Highlighted

@Or Tsemah This is in Lab Environment. i just looking some simple Powershell or some scripts to run on production and monitor the behavior.

Highlighted

@aussupport This is exactly what this guide is for, for example, you can check out the commands in the reconnaissance playbook to trigger alerts.

How We Simulating the Alerts

How We Simulating the Alerts

Re: How We Simulating the Alerts

Re: How We Simulating the Alerts

Re: How We Simulating the Alerts

Products (70)

Special Topics (19)

Video Hub (87)

Most Active Hubs

Most Active Hubs

Video Hub

How We Simulating the Alerts

How We Simulating the Alerts

Re: How We Simulating the Alerts

Re: How We Simulating the Alerts

Re: How We Simulating the Alerts