Alert Simulation using Playbook for Defender for Cloud - Unsuccessful attempt

Question

Alert Simulation using Playbook for Defender for Cloud - Unsuccessful attempt

Shah Tanveer Aziz 0

I was trying to simulate the alerts in Defender for Cloud on Linux VMs using the play books shared at https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Simulations

https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Simulations/Microsoft%20Defender%20for%20cloud%20Linux%20Detections%20V3.pdf

On every step I have to troubleshoot. Also it is referencing to some snapshots which aren't present in current Azure environment now.

Anyone has tried to successfully simulate the alerts? I would like to get steps to complete the same. Currently I am stuck at the stage where on running hydra command on attacker VM gives error "does not support password authentication".

Thank you

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2023-03-08T23:58:07.4833333+00:00

Hi Shah Tanveer Aziz ,

At which stage are you facing the issue? Could you provide a screenshot and a full error message?

Also, have you waited the full 5-10 minutes? https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-linux-

The error seems unrelated to Azure and looks like a linux error that is thrown when password authentication is not enabled.
Shah Tanveer Aziz 0 Reputation points

2023-03-09T07:12:47.7433333+00:00

I am trying to simulate alerts using the playbook shared at the above mentioned location by me.

The one shared by you is from Azure portal and I am able to create those sample Alerts.

Is that enough if I create sample alerts from Azure Portal itself as mentioned by your link? Or the alerts mentioned in playbook are different ?

Thank you