SOLVED

How Do We Simulate the Alerts

Contributor

Hi,

We are installing the sensor on one DC. How do we simulate the attack in the production network without interruption?

 

TA

3 Replies

@Or Tsemah This is in a lab environment. I am just looking for some simple PowerShell or some scripts to run on production and monitor the behavior.

best response confirmed by aussupport (Contributor)
Solution

@aussupport This is exactly what this guide is for. For example, you can check out the commands in the reconnaissance playbook to trigger alerts.
