Running an Email Sensor test drive

Procedure

1. Go to Email and Collaboration Security → Email and Collaboration Sensor, and click Email Test Drive.
2. On the Email Test Drive landing page, click Start Test Drive under XDR for Email.
   If you are already a Cloud Email and Collaboration Protection customer and have configured more than one organization in Organization management, select an organization for which you want to run the test drive.
3. On the Email Sensor Test Drive tab that appears, configure the following settings to run an Email Sensor test Drive on the specified email accounts.
   1. Click Grant Permission to grant Cloud Email and Collaboration Protection the permissions to access all mailboxes and the activity data of email accounts.
      If prompted, specify your Microsoft 365 Global Administrator credentials to sign in and click Accept to grant the necessary permissions.
   2. Specify the email addresses of a sender and recipient from your organization to get sample emails from a Trend Micro auto-generated mailbox (email_simulator@<your domain> as the test drive account), simulating various real-world attack scenarios.
      Email and Collaboration Security provides four types of sample emails that are ingested into the internal recipient's Inbox and the internal sender's Sent folder. To view the titles of these emails, click View the sample email list under Run the test drive.

      Note Email Sensor will be enabled on the provided email accounts with required credits allocated. For more information about how Email Sensor consumes Trend Vision One credits, see Credit requirements for Email and Collaboration Security. Due to the ingestion of attack simulation emails, the specified sender and recipient will be assigned a higher asset criticality in Cyber Risk Exposure Management for asset risk score calculation. For more information about the criticality of an asset, see asset criticality.

   3. Click Start Test Drive.
4. View the test drive information and wait until the process is completed.
   You can perform the following operations during and after the test drive is Completed.
   • Discover How Email Sensor Helps: Click the button in the upper-right corner to view how the Email Sensor detection and response data can correlate with and contribute to the cross-layer threat detection in XDR Threat Investigation and a comprehensive understanding of your organization's attack surface in Cyber Risk Exposure Management.
     After the test drive is completed, click Go to App in the Discover How Email Sensor Helps dialog to view the results in each associated app.
   • Extend Email Sensor on More Users: The button provides a quick and easy way to deploy Email Sensor across your organization without the need to go to the Sensor Management screen, if you are satisfied with the Email Sensor capabilities and want to apply Email Sensor to more email accounts.
     1. Click Extend Email Sensor on More Users.
        Email and Collaboration Security will synchronize all users in your organization for you to choose the email accounts to enable Email Sensor on.
     2. Click Yes, Sync All Users and wait until the synchronization is completed.
     3. Click Manage Sensor Detection and select the desired accounts or groups that you want to report activity data to Trend Vision One.
   • New Test Drive: Run a new Email Sensor test drive. You can choose to specify a new internal sender and recipient to validate Email Sensor on.