Added more content to attack simulations

This commit is contained in:
lomayor 2018-03-01 12:30:33 +11:00
parent 0d2d600599
commit 03bc79fe15


@ -23,7 +23,9 @@ ms.date: 28/02/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
## Preparations
You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
## Before you begin
To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md).
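Review bot: The new "## Preparations" heading in this hunk introduces no preparation steps; the paragraph under it only explains why you would run simulations before onboarding more machines, while the actual prerequisite (at least one onboarded machine) sits under "## Before you begin" right after it. Consider renaming the first heading to something like "Overview" or merging the paragraph into "Before you begin" so the two adjacent headings are not both pre-flight sections, and make sure a blank line separates each heading from the paragraph that follows it if the source file does not already have one.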
@ -31,7 +33,13 @@ Read the walkthrough document provided with each attack scenario. Each document
## Run a simulation
1. In **Help** > **Simulations & tutorials**, select the attack scenario you would like to simulate.
1. In **Help** > **Simulations & tutorials**, select which of the available attack scenario you would like to simulate:
- **Scenario 1: Document drops backdoor** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and machine learning detection of malicious memory activity.
- **Scenario 2: PowerShell script in fileless attack** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control.
- **Scenario 3: Automated incident response** - triggers Automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity.
2. Download and read the corresponding walkthrough document provided with your selected scenario.
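Review bot: The scenario titles and their descriptions appear swapped in this hunk: "Scenario 1: Document drops backdoor" is described as a fileless attack that relies on PowerShell, while "Scenario 2: PowerShell script in fileless attack" is described as delivery of a lure document that launches a backdoor; please check the simulation portal and align each description with its title. Two smaller points in the same lines: "select which of the available attack scenario you would like to simulate" should read "attack scenarios", and "Automated investigation" in Scenario 3 should use the feature's casing consistently with the rest of the doc set.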
@ -39,6 +47,9 @@ Read the walkthrough document provided with each attack scenario. Each document
4. Run the simulation file or script on the test machine as instructed in the walkthrough document.
>[!NOTE]
>Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise to your test machine.
## Related topics
- [Onboard and set up Windows Defender ATP](onboard-configure-windows-defender-advanced-threat-protection.md)
- [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
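Review bot: The note added in this hunk has a grammar slip: "will not harm or compromise to your test machine" should drop "to" and read "will not harm or compromise your test machine". It would also help readers to state explicitly that the simulation files are meant to be run only on the dedicated test machines referenced in "Before you begin", since the note currently reads as a blanket assurance.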