Views:

Enable Activity Monitoring on Deep Security Agents, and then run the demonstration script to trigger detections in Trend Vision One.

Procedure

  1. Enable Activity Monitoring on Deep Security Agents.
    1. In the Trend Cloud One - Endpoint & Workload Security console, go to Policies, select a policy and click Details.
    2. Go to Activity MonitoringGeneral.
    3. Set the Activity Monitoring State to On.
    1. Click Save.
  2. Run the desired simulations on the Windows endpoint.
    1. On the Trend Vision One console, click Resource Center (resourceCenter=73b1d431-813b-467c-8098-62f12bb6e2af.jpg) in the bottom left corner.
    2. Click Simulations.
    3. Click Endpoint Attack.
      The Endpoint Attack Simulations dialog appears.
    4. Click the right (simulationsRightArrow=20220525102311.png) and left (simulationsLeftArrow=20220525102211.png) arrows to browse available simulations.
    5. Click Download Demo Script to download an archive file to the Windows endpoint.
    6. Extract the archive file on the Windows endpoint.
      Note
      Note
      The archive file is password protected. The password is displayed on the Simulations dialog.
    7. Run the .bat demo script file on the Windows endpoint.
      The Windows Command Prompt opens.
    8. Follow the instructions in the Windows Command Prompt window to execute the demonstration commands.
    9. After executing the commands, go to the Trend Vision One console to view the expected results.
      Note
      Note
      Results might take a few minutes to appear.