Added more content to attack simulations

lomayor 2018-03-01 12:30:33 +11:00
parent 0d2d600599
commit 03bc79fe15

@ -23,7 +23,9 @@ ms.date: 28/02/2018
- Windows 10 Pro Education - Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Windows Defender Advanced Threat Protection (Windows Defender ATP)
## Preparations You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
## Before you begin
To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md). To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md).
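Review bot: renaming the heading from "## Preparations" to "## Before you begin" changes the section anchor, so any existing link to the old anchor will stop resolving; check for inbound links before merging. In the new intro paragraph, "a few test machines" is the only guidance on where to run the simulations. Consider saying explicitly that these should be dedicated, non-production machines, since the following steps ask the reader to run files that imitate attack behaviour.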
@ -31,7 +33,13 @@ Read the walkthrough document provided with each attack scenario. Each document
## Run a simulation ## Run a simulation
1. In **Help** > **Simulations & tutorials**, select the attack scenario you would like to simulate. 1. In **Help** > **Simulations & tutorials**, select which of the available attack scenario you would like to simulate:
- **Scenario 1: Document drops backdoor** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and machine learning detection of malicious memory activity.
- **Scenario 2: PowerShell script in fileless attack** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control.
- **Scenario 3: Automated incident response** - triggers Automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity.
2. Download and read the corresponding walkthrough document provided with your selected scenario. 2. Download and read the corresponding walkthrough document provided with your selected scenario.
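Review bot: the descriptions for Scenario 1 and Scenario 2 look swapped. "Document drops backdoor" is described as "a fileless attack that relies on PowerShell", while "PowerShell script in fileless attack" is described as "delivery of a socially engineered lure document" that "launches a specially crafted backdoor". Each description matches the other scenario's title, so a reader picking a scenario to test a specific detection would choose the wrong walkthrough. Swap the two descriptions. Also in step 1, "which of the available attack scenario" should read "which of the available attack scenarios".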
@ -39,6 +47,9 @@ Read the walkthrough document provided with each attack scenario. Each document
4. Run the simulation file or script on the test machine as instructed in the walkthrough document. 4. Run the simulation file or script on the test machine as instructed in the walkthrough document.
>[!NOTE]
>Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise to your test machine.
## Related topics ## Related topics
- [Onboard and set up Windows Defender ATP](onboard-configure-windows-defender-advanced-threat-protection.md) - [Onboard and set up Windows Defender ATP](onboard-configure-windows-defender-advanced-threat-protection.md)
- [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
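Review bot: the added note has a stray "to" in "will not harm or compromise to your test machine"; suggest "will not harm or compromise your test machine". Since the note is what reassures the reader before they execute the file in step 4, it would also help to say that the simulation will still raise alerts in the portal, so whoever monitors the tenant knows to expect them from the test machine.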