Running simulations on endpoints with XDR

Procedure

1. Install the Agent on a Windows endpoint.
   1. Go to Endpoint Security → Endpoint Inventory.
   2. Click Download the Agent Installer to obtain the installation package or a URL link to the Windows installer. Install the Agent on the Windows endpoint.
      For Windows endpoints that require a proxy server to connect to external networks, open a command line editor as an administrator and execute the following command:

      EndpointBasecamp.exe /proxy_server_port <proxy_server_ip_or_fqdn:port>

      For example:

      EndpointBasecamp.exe /proxy_server_port 10.1.1.1:80

      Important Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

      Important The Agent installer is specifically configured to report to your Trend Vision One console.

   3. After installing the Agent, allow some time for the Windows endpoint to report back to Trend Vision One.
2. Enable XDR on the Windows endpoint.
   1. Go to Endpoint Security → Endpoint Inventory.
   2. On the Available endpoints tab, locate the Windows endpoint you installed the Agent on, select the check box next to the Windows endpoint, and then click Enable to install the necessary XDR components.
   3. Wait until the Windows endpoint appears on the Reporting to XDR tab.
3. Run the desired simulations on the Windows endpoint.
   1. On the Trend Vision One console, click Resource Center () in the bottom left corner.
   2. Click Simulations.
   3. Click Endpoint Attack.
      The Endpoint Attack Simulations dialog appears.
   4. Click the right () and left () arrows to browse available simulations.
   5. Click Download Demo Script to download an archive file to the Windows endpoint.
   6. Extract the archive file on the Windows endpoint.

      Note The archive file is password protected. The password is displayed on the Simulations dialog.

   7. Run the .bat demo script file on the Windows endpoint.
      The Windows Command Prompt opens.
   8. Follow the instructions in the Windows Command Prompt window to execute the demonstration commands.
   9. After executing the commands, go to the Trend Vision One console to view the expected results.

      Note Results might take a few minutes to appear.