There are many ways to simulate an alert in Microsoft Defender for Cloud. If you just want a simple validation that produces an alert, use the procedures described in this article. For a more scenario-based approach, use the resources below to validate the different threat detection capabilities available in Microsoft Defender for Cloud.
- Download this PDF and follow the steps to configure a lab environment to test Windows VM-based threat detection. If you are testing the integration with MDE, use this article to validate the alert integration. Make sure that the server on which you are testing this procedure is already onboarded and using MDATP.
- Download this PDF and follow the steps to configure a lab environment to test Linux VM-based threat detection.
- This article goes over the steps to simulate alerts in Azure Kubernetes Service and Azure Container Registry.
- This article goes over the steps to simulate an upload of a test malware file (EICAR) to an Azure Storage account that has Defender for Storage enabled.
- This article goes over the steps to simulate anonymizer access to Key Vault using a Tor browser.
- This article goes over the steps to simulate extension manipulation using Azure Resource Manager.
- This article goes over the steps to simulate an attack that can be identified by Azure Defender for DNS.
- This article goes over the steps to simulate an attack that can be identified by Defender for App Service.
- This article goes over the steps to simulate an attack that can be identified by Defender for SQL on Machines.
- This article covers the steps to simulate an attack on an API endpoint that can be identified by Defender for APIs.
- This simulation playbook goes over a threat hunting scenario using Microsoft Defender for Cloud and searching for evidence of attack in a Log Analytics workspace.
- Download this PDF and follow the steps to configure a lab environment, simulate alerts in Windows, and query data using KQL in a Log Analytics workspace.