Attack simulation on agents with suspicious actions and network traffic

How can I safely simulate some authentic attacks to make noise in InsightIDR, so that I can perform and document the incident response actions? Is there a "test tool" from Rapid7 or other vendors?

Thanks.

On the network traffic side, we do have an IDS test rule. More details are here, under the Network sensor IDS health check section:

https://docs.rapid7.com/sensor/insight-network-sensor-troubleshooting

Hi @andreas_welcker, for the agent detections, if you navigate to Detection Rules you can see all of the existing ABA detections.


If you click into any rule you can see the rule logic. For example, Defense Evasion - Disable Windows Defender via the Command line shows quite a few different ways to trigger the alert.


For example, if you ran

Set-MpPreference -DisablePrivacyMode $true

via the command line, it should trigger this alert.

One thing to note: you will want to ensure the alert is set to Creates Investigation in order to see an alert come through. If it's set to Tracks Notable Event or Off, it will not fire.

David

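One way to turn the single trigger command from David's answer into a repeatable, documented test is the script below. It is an added example written for this page, not code from the original thread or a Rapid7 tool. It assumes an elevated PowerShell session on a test host that has the Insight Agent installed, that the rule has already been switched to Creates Investigation, and that the log path in $LogPath is one you choose; all of those are assumptions, not facts from the thread. The script records the current Defender setting, runs the exact command quoted above so the agent sees it on the command line, reverts to the recorded value, and writes timestamps you can paste into the incident write-up.

```powershell
# Added example (not from the original thread or Rapid7): exercise the ABA rule
# "Defense Evasion - Disable Windows Defender via the Command line" on a test
# host and keep a timestamped record for the incident-response documentation.
#
# Assumptions (not stated on the page):
#   - run from an elevated PowerShell session on a host with the Insight Agent
#   - the rule is set to "Creates Investigation" in Detection Rules
#   - $LogPath is a location of your choosing; the default below is hypothetical

param(
    [string]$LogPath = "$env:TEMP\insightidr-aba-test.log"
)

function Write-TestLog {
    param([string]$Message)
    # ISO-8601 timestamps so the entries line up with the alert time in InsightIDR
    $line = "{0:o} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# 1. Record the pre-test state so the change can be reverted exactly.
$before = (Get-MpPreference).DisablePrivacyMode
Write-TestLog "Host=$env:COMPUTERNAME User=$env:USERNAME DisablePrivacyMode before test: $before"

# 2. Trigger: the command quoted in the thread, run as-is so the agent
#    observes that exact command line.
Write-TestLog "Running: Set-MpPreference -DisablePrivacyMode `$true"
try {
    Set-MpPreference -DisablePrivacyMode $true -ErrorAction Stop
    Write-TestLog ("DisablePrivacyMode after trigger: " + (Get-MpPreference).DisablePrivacyMode)
}
catch {
    # On hosts where Defender refuses the change (for example because tamper
    # protection is on) the command still ran; note the error for the record.
    Write-TestLog "Set-MpPreference failed: $($_.Exception.Message)"
}

# 3. Revert to the recorded value so the test leaves the host as it found it.
try {
    Set-MpPreference -DisablePrivacyMode $before -ErrorAction Stop
    Write-TestLog ("Reverted. DisablePrivacyMode now: " + (Get-MpPreference).DisablePrivacyMode)
}
catch {
    Write-TestLog "Revert failed: $($_.Exception.Message) - fix manually before closing the test"
}

Write-TestLog "Now check InsightIDR Investigations for host $env:COMPUTERNAME around the timestamps above."
```

Run it as a .ps1 on the test host only, never on a production endpoint, and keep the log file with the investigation notes so the write-up shows exactly when the trigger ran and that the setting was restored. If no alert appears, the first thing to re-check is the point David makes: the rule must be set to Creates Investigation, not Tracks Notable Event or Off.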