Views:

Run simulations with TrendAI Vision One™ Endpoint Security agents on endpoints managed by connected Apex One as a Service and Cloud One - Endpoint & Workload Security instances.

Important
Important
Simulations only supports running scripts on Windows endpoints.
The following steps detail how to connect Apex One as a Service and Cloud One - Endpoint & Workload Security instances, and run simulations. To run simulations on endpoints with a deployed TrendAI Vision One™ Endpoint Security agent with Standard Endpoint Protection or Server & Workload Protection, see Running simulations with TrendAI Vision One™ Endpoint Security agents.
To run simulations on a Deep Security Agent without the TrendAI Vision One™ Endpoint Security agent, see Running simulations on Deep Security Agents endpoints with Activity Monitoring.
To evaluate TrendAI Vision One™ without connecting your endpoint protection products, you can move your endpoints to Standard Endpoint Protection or Server & Workload Protection. For more information, see Evaluate TrendAI Vision One™ Endpoint Security.
Enabling Endpoint detection and response requires credits. Credits are not required during the trial period. For more information, see Credit requirements for TrendAI Vision One™ solutions.
You can use the attack simulation scripts in the Resource Center to test detections and communication on endpoints managed by connected endpoint security products. Running a simulation requires deploying the TrendAI Vision One™ Endpoint Security agent and enabling Endpoint detection and response.

Procedure

  1. Connect your endpoint protection management console in Product Instance.
    For more information, see Connect existing products to Product Instance .
  2. Deploy the TrendAI Vision One™ Endpoint Security agent to connected endpoints.
    • For Apex One as a Service, your endpoints automatically download the TrendAI Vision One™ Endpoint Security agent with the Endpoint Sensor only configuration.
    • For Cloud One - Endpoint & Workload Security, install the TrendAI Vision One™ Endpoint Security agent through the management console. For more information, see Install TrendAI Vision One™ Endpoint Security agent via Deep Security Agent.
  3. Enable Endpoint detection and response on the endpoint.
    If you did not configure a policy for the target endpoint, you can use override settings in Endpoint Inventory to enable Endpoint detection and response.
    1. Go to Endpoint SecurityEndpoint Inventory.
    2. Select the target endpoint.
    3. Click Endpoint security policy and select Override endpoint security policy.
    4. Enable Endpoint detection and response
      Important
      Important
      Enabling Endpoint detection and response requires credits. Credits are not required during the trial period
    5. Click Next and click Apply Override.
  4. Download and run the simulation scripts.
    1. On the TrendAI Vision One™ console, click the Resource Center icon (resourceCenter=73b1d431-813b-467c-8098-62f12bb6e2af.jpg).
    2. Click Simulations.
    3. Click Endpoint Attack.
      The Endpoint Attack Simulations window appears.
    4. Click the right (simulationsRightArrow=20220525102311.png) and left (simulationsLeftArrow=20220525102211.png) arrows to browse available simulations.
    5. Click Download Demo Script to download an archive file.
    6. Extract the archive file on the target endpoint.
      Note
      Note
      The archive file is password protected. Copy the password provided in the Simulations window.
    7. Run the .bat demo script file on the target endpoint.
      The Windows Command Prompt opens.
    8. Follow the instructions in the Command Prompt to execute the demonstration commands.
    9. After executing the commands, go to the TrendAI Vision One™ console to view the expected results.
      Note
      Note
      Results might take a few minutes to appear.