Run attack simulation scripts on your endpoints with the Trend Vision One Endpoint Security agent.

Important
Simulations only supports running scripts on Windows endpoints.
Enabling Endpoint detection and response requires allocating credits. Credits are not required during the trial period. For more information, see Credit requirements for Trend Vision One apps and services.
You can use the attack simulation scripts in the Resource Center to test detections and communication with your deployed Trend Vision One Endpoint Security agents. Running a simulation requires deploying the Trend Vision One Endpoint Security agent and enabling Endpoint detection and response.

Procedure

  1. Deploy the Trend Vision One Endpoint Security agent on a Windows endpoint.
    If you have not already deployed the Trend Vision One Endpoint Security agent, see Deploy Agents. Read the deployment instructions before installing the agent. Agents might have additional setup requirements needed to ensure the agent can connect to Trend Vision One.
    Tip
    If this is your first time deploying the Trend Vision One Endpoint Security agent, or if you only wish to evaluate the capabilities of Trend Vision One, use the Endpoint Sensor deployment type.
    After installation successfully completes, the agent appears in Endpoint Inventory. The endpoint list might take a few minutes to update. Refresh your browser to view updated information.
  2. Enable Endpoint detection and response on the endpoint.
    If you did not configure a policy for the target endpoint, you can use override settings in Endpoint Inventory to enable Endpoint detection and response.
    1. Go to Endpoint Security > Endpoint Inventory.
    2. Select the target endpoint.
    3. Click Endpoint security policy and select Override endpoint security policy.
    4. Enable Endpoint detection and response.
      Important
      Enabling Endpoint detection and response requires allocating credits. Credits are not required during the trial period.
    5. Click Next and click Apply Override.
  3. Download and run the simulation scripts.
    1. On the Trend Vision One console, click the Resource Center icon.
    2. Click Simulations.
    3. Click Endpoint Attack.
      The Endpoint Attack Simulations window appears.
    4. Click the right and left arrows to browse available simulations.
    5. Click Download Demo Script to download an archive file.
      Note
      The archive file is password protected. Copy the password provided in the Simulations window.
    6. Extract the archive file on the target endpoint.
    7. Run the .bat demo script file on the target endpoint.
      The Windows Command Prompt opens.
    8. Follow the instructions in the Command Prompt to execute the demonstration commands.
    9. After executing the commands, access the Trend Vision One console and go to Workbench and Observed Attack Techniques to view the results.
      Note
      Results might take a few minutes to appear.