Files in this repository:

- Azure Security Center Hunting Playbook_V2.pdf
- Azure Security Center Linux Detections_v2.pdf
- Azure Security Center Security Alerts Playbook_v2.pdf
- Microsoft Defender for Cloud Hunting Playbook_V3.pdf
- Microsoft Defender for Cloud Security Alerts Playbook_v3.pdf
- Microsoft Defender for cloud Linux Detections V3.pdf
- README.md
Microsoft Defender for Cloud Simulation Playbook
There are many ways to simulate an alert in Microsoft Defender for Cloud. If you just want a simple validation that an alert fires, use the procedures described in this article. For a more scenario-based approach, use the resources below to validate the different threat detection capabilities available in Microsoft Defender for Cloud.
Alert Simulation for Defender for Servers (Azure and Non-Azure VMs - Windows)
-
Download this PDF and follow the steps to configure a lab environment to test Windows VM-based threat detection.
If you are testing the integration with Microsoft Defender for Endpoint (MDE), use this article to validate the alert integration. Make sure the server on which you run this procedure is already onboarded to MDE (formerly MDATP).
Alert Simulation for Defender for Servers (Azure and Non-Azure VMs - Linux)
-
Download this PDF and follow the steps to configure a lab environment to test Linux VM-based threat detection.
Alert Simulation for Defender for Containers
-
This article goes over the steps to simulate alerts in Azure Kubernetes Service (AKS) and Azure Container Registry (ACR).
Alert Simulation for Defender for Storage
-
This article goes over the steps to simulate an upload of the EICAR test file (a harmless, industry-standard anti-malware test string) to an Azure Storage account that has Defender for Storage enabled.
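The upload step described above, as an added shell example that is not the playbook's own or Microsoft's code: it writes the 68-byte EICAR string to a file, uploads it to a blob container with the Azure CLI, and then polls the Defender for Cloud alert list for the storage account's resource group. The storage account, container and resource group names are placeholders passed as arguments, and the JMESPath field names follow the Security Alerts API.

```shell
#!/usr/bin/env bash
# Added example (not part of the playbook or the Microsoft docs it links to):
# upload the EICAR test file to a blob container in an account covered by
# Defender for Storage, then list the alerts Defender for Cloud raised.
# Assumed placeholders: the storage account, container and resource group
# names passed as arguments. The caller needs Storage Blob Data Contributor
# on the account (for --auth-mode login) and Security Reader on the
# subscription (for "az security alert list").
set -euo pipefail

# The EICAR test string is 68 bytes and must be byte-exact to be recognised.
# It is assembled from two halves so that this script is not itself
# quarantined by a local anti-malware engine before it ever runs.
eicar_string() {
  local a='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'
  local b='-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
  printf '%s%s' "$a" "$b"
}

# Write the test file with no trailing newline and confirm it is exactly
# 68 bytes; scanners key on the exact string.
write_eicar_file() {          # $1 = output path
  eicar_string > "$1"
  [ "$(wc -c < "$1" | tr -d ' ')" -eq 68 ]
}

# Upload under a unique blob name so repeated runs each trigger a new scan.
upload_eicar() {              # $1 = account, $2 = container, $3 = local file
  az storage blob upload \
    --account-name "$1" --container-name "$2" \
    --name "eicar-$(date +%s).com" --file "$3" \
    --auth-mode login
}

# Defender for Storage alerts arrive asynchronously; list what has been
# raised so far for the resource group that holds the storage account.
# Field names (alertDisplayName, severity, timeGeneratedUtc) are those of
# the Security Alerts API.
list_alerts() {               # $1 = resource group of the storage account
  az security alert list --resource-group "$1" \
    --query "[].{alert:alertDisplayName, severity:severity, time:timeGeneratedUtc}" \
    -o table
}

main() {                      # $1 = account, $2 = container, $3 = resource group
  local tmp
  tmp="$(mktemp)"
  write_eicar_file "$tmp"
  upload_eicar "$1" "$2" "$tmp"
  rm -f "$tmp"
  for _ in 1 2 3 4 5 6; do    # poll for up to ~3 minutes
    sleep 30
    list_alerts "$3"
  done
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it as `./eicar-upload.sh <account> <container> <resource-group>` after `az login`. If no alert appears, check first that Defender for Storage is actually enabled on that account (and, for malware scanning rather than hash reputation, that on-upload scanning is turned on) before suspecting the upload.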
Alert Simulation for Defender for Key Vault
-
This article goes over the steps to simulate access to a Key Vault from an anonymizing network by connecting through the Tor Browser.
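The same condition reproduced without a browser, as an added shell example that is not the playbook's own or Microsoft's code: it takes a Key Vault token from the current `az login` session and calls the Key Vault REST API through a local Tor SOCKS proxy with curl, so the data-plane request reaches the vault from a Tor exit node. Assumptions: a Tor daemon or Tor Browser is listening locally (9050 for the daemon, 9150 for Tor Browser), the logged-in identity is allowed to list secrets on the vault, and the vault name is passed as the first argument.

```shell
#!/usr/bin/env bash
# Added example (not from the playbook): reproduce the "Key Vault accessed
# from a Tor exit node" condition by calling the Key Vault REST API through
# a local Tor SOCKS proxy with curl.
# Assumptions: Tor is listening on 127.0.0.1:9050 (Tor Browser uses 9150);
# "az login" has been done with an identity that may list secrets on the
# vault; the vault name is passed as $1 and an optional host:port as $2.
set -euo pipefail

# Key Vault data-plane URL for listing secret metadata (no secret values).
kv_secrets_url() {            # $1 = vault name
  printf 'https://%s.vault.azure.net/secrets?api-version=7.4' "$1"
}

# Get a token for the Key Vault resource from the az CLI session. The token
# request goes straight to Entra ID; only the vault call is sent over Tor,
# which is exactly the signal Defender for Key Vault looks at.
kv_token() {
  az account get-access-token --resource https://vault.azure.net \
    --query accessToken -o tsv
}

# --socks5-hostname makes curl resolve the name through Tor as well, so
# neither the DNS lookup nor the TLS connection leaves from this host's IP.
kv_list_via_tor() {           # $1 = vault name, $2 = socks host:port
  curl --silent --show-error --fail \
    --socks5-hostname "$2" \
    -H "Authorization: Bearer $(kv_token)" \
    "$(kv_secrets_url "$1")"
}

# Sanity check that traffic really exits through Tor before running the test.
exit_ip() {                   # $1 = socks host:port
  curl --silent --socks5-hostname "$1" https://check.torproject.org/api/ip
}

if [ "$#" -ge 1 ]; then
  socks="${2:-127.0.0.1:9050}"
  echo "Tor check: $(exit_ip "$socks")"
  kv_list_via_tor "$1" "$socks"
fi
```

Because the alert is driven by the source IP of the data-plane call, a successful `az keyvault secret list` run directly from your workstation will not trigger it; the vault request has to traverse the proxy. If the vault has a firewall or a private endpoint, a Tor exit will be blocked before Key Vault logs the access, which is itself the control this alert backstops.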
Alert Simulation for Defender for Resource Manager
-
This article goes over the steps to simulate an extension manipulation through Azure Resource Manager.
Alert Simulation for Defender for DNS
-
This article goes over the steps to simulate an attack that can be identified by Defender for DNS (formerly Azure Defender for DNS).
Alert Simulation for Defender for App Service
-
This article goes over the steps to simulate an attack that can be identified by Defender for App Service.
Alert Simulation for Defender for SQL on Machines
-
This article goes over the steps to simulate an attack that can be identified by Defender for SQL on Machines.
Alert Simulation for Defender for APIs
-
This article covers the steps to simulate an attack on an API endpoint that can be identified by Defender for APIs.
Threat Hunting in Microsoft Defender for Cloud and Log Analytics Workspace
-
This simulation playbook goes over a threat hunting scenario using Microsoft Defender for Cloud and searching for evidence of the attack in a Log Analytics workspace.
Download this PDF and follow the steps to configure a lab environment, simulate alerts on Windows and query the data using KQL in the Log Analytics workspace.
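The kind of KQL hunt the playbook has you run after simulating alerts on a Windows VM, as an added shell example that is not the playbook's own or Microsoft's code, issued through the Azure CLI rather than the portal. It pulls the alerts Defender for Cloud wrote to the workspace and then looks in the Windows process-creation events (`SecurityEvent`, event ID 4688) for the encoded or hidden-window PowerShell and Office-spawned processes that alert simulations typically leave behind. Assumed: the workspace ID is passed as the first argument, the VM's Windows agent sends security events to that workspace with command-line auditing enabled, the lookback window and the search terms are illustrative choices, and the caller has Log Analytics Reader.

```shell
#!/usr/bin/env bash
# Added example (not part of the playbook PDF): run the post-simulation hunt
# from the az CLI. Assumed: $1 is the Log Analytics workspace ID; the Windows
# VM reports process creations to SecurityEvent as event ID 4688 (CommandLine
# is only populated when "include command line in process creation events"
# auditing is on); the caller holds Log Analytics Reader on the workspace.
set -euo pipefail

# Alerts Defender for Cloud wrote to the workspace in the last 24 hours.
alerts_query() {
  cat <<'KQL'
SecurityAlert
| where TimeGenerated > ago(24h)
| where ProductName == "Azure Security Center"
| project TimeGenerated, AlertName, AlertSeverity, CompromisedEntity
| order by TimeGenerated desc
KQL
}

# Evidence of the simulated attack in the raw events: process creations that
# used encoded or hidden-window PowerShell, or that were spawned by an Office
# application. The search terms are an illustrative starting set.
process_hunt_query() {        # $1 = lookback, e.g. 24h or 7d
  cat <<KQL
SecurityEvent
| where TimeGenerated > ago($1)
| where EventID == 4688
| where CommandLine has_any ("-enc", "-EncodedCommand", "-w hidden", "-WindowStyle Hidden")
    or ParentProcessName has_any ("WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE")
| project TimeGenerated, Computer, Account, ParentProcessName, NewProcessName, CommandLine
| order by TimeGenerated desc
KQL
}

# Submit a KQL query to the workspace and print the rows as a table.
run_query() {                 # $1 = workspace ID, $2 = KQL text
  az monitor log-analytics query --workspace "$1" --analytics-query "$2" -o table
}

if [ "$#" -eq 1 ]; then
  run_query "$1" "$(alerts_query)"
  run_query "$1" "$(process_hunt_query 24h)"
fi
```

Pivot from the first result set to the second on `Computer` and the alert's time: the point of the exercise is to confirm that the raw 4688 events behind each alert are actually reaching the workspace, because an alert with no supporting events means the agent or the audit policy is misconfigured and a real incident would leave you with nothing to investigate.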