How to generate a test detection with Trellix EDR
Last Modified: 2024-03-08 08:45:47 Etc/GMT
Technical Articles ID:
KB93745
Environment
Trellix EDR version 3.x and later for Windows
Trellix EDR version 4.1 and later for Linux
Trellix EDR version 4.2 and later for Mac
Microsoft Windows operating system
Linux operating system
Mac operating system

Summary
After you have deployed Trellix EDR and completed its initial configuration, you will want to confirm that the product is functioning correctly. To do so, trigger a harmless test detection on an endpoint and verify that the resulting alert is shown accurately in the Trellix EDR workspace.

Steps to perform in a Mac operating system:
This script mimics a credential theft attack. It disguises itself as a System Preferences process that requests the user's password. The user's input is discarded, so there is no threat to the system.
MITRE technique observed: https://attack.mitre.org/techniques/T1056/002/ (Input Capture: GUI Input Capture)
NOTE: The permissions from Step 4 below can be removed under System Preferences, Security & Privacy, Automation.
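The KB's own test script is supplied as an attachment. The block below is an added illustration written from the description above; it is not the KB's attachment and not Trellix code. It assumes the attached script is an AppleScript run with osascript; the dialog wording, the window title and the variable name are my own choices, and the `tell application "System Preferences"` step is included only because the Automation permission the KB mentions is what macOS prompts for when a script sends Apple events to another application.

```applescript
-- Added example, reconstructed from the KB's description (not the attached script).
-- Assumption: the test is an AppleScript executed with `osascript fake_prompt.applescript`.
-- It shows a password dialog that looks like it belongs to System Preferences and
-- then throws the typed value away, so nothing is captured or stored.

-- Bring System Preferences to the foreground so the dialog appears to come from it.
-- Sending Apple events to another app is what triggers the
-- Security & Privacy > Automation prompt the KB refers to.
tell application "System Preferences"
	activate
end tell

-- Ask for a password with a hidden answer field. The reply is bound to a local
-- variable only; it is never written to disk, logged or sent anywhere.
tell application "System Events"
	set promptResult to display dialog ¬
		"System Preferences wants to make changes. Enter your password to allow this." ¬
		default answer "" with hidden answer ¬
		buttons {"Cancel", "OK"} default button "OK" ¬
		with title "System Preferences" with icon caution
end tell

-- Overwrite the captured record immediately so the entered text does not survive the run.
set promptResult to missing value
```

Run it from Terminal on a test Mac you control, not on a user's production machine, because whoever is logged in will see a realistic-looking password prompt. Then open the Trellix EDR workspace and look for the resulting trace mapped to T1056.002. Use the KB's attachment for the actual validation: whether a hand-written variant like this one produces the same trace depends on the trace rule content, which the KB does not describe.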
Steps to perform in a Windows operating system:
You can verify that the Trellix EDR client is correctly generating Trace detections. Use
Steps to perform in a Linux operating system:
Attachments: Attachment 1, Attachment 2, Attachment 3