Attack simulation on agents with suspicious actions and network traffic

how can I safely simulate some authentic attacks to make noise in insightIDR to perform and document the incident response actions? is there a “test tool” from rapid7 or other vendors?


On the network traffic side, we do have an IDS test rule. More details here under the Network sensor IDS health check section

Hi @andreas_welcker for the agent detections if you navigate to Detection Rules you can see all of the existing ABA detections

Screen Shot 2022-02-24 at 12.51.57 PM

If you click into any rule you can see the rule logic, for example Defense Evasion - Disable Windows Defender via the Command line shows quite a few different ways to trigger the Alert

Screen Shot 2022-02-24 at 12.53.15 PM

For example if you ran

Set-MpPreference -DisablePrivacyMode $true

via the command line, it should trigger this alert.

One thing to note you will want to ensure the alert is set to Creates Investigation in order to see an alert come through, if it’s set to Tracks Notable Event or Off it will not fire.