Forum Discussion
DS99
Mar 07, 2025 · Copper Contributor
Alerts don't work? - EDR source
Hi, I'm new to Defender and I want to understand a couple of things. I deployed Defender P2 on a Windows host and I tried to attack it with RDP brute force. The Timeline shows me that the techn...
DS99
Mar 10, 2025 · Copper Contributor
Hi DylanInfosec,
Thank you very much for the explanation on the RDP part, it was very thorough.
At the moment I'm more interested in the Linux part, because I ran various tests with Atomic Red Team and I can't understand if it's normal that they aren't detected, but probably yes.
This is the rootkit test that I mentioned and I can't see the alert:
atomic-red-team/atomics/T1014/T1014.md at master · redcanaryco/atomic-red-team (Small and highly portable detection tests based on MITRE's ATT&CK.)
I also tried these two tests and these work with the alert:
I also ran the default test for onboarding on Linux (as you mentioned before) and it works as expected, so Defender is installed correctly.
So my opinion at the moment is that the Windows part is accurate.
The Linux part, instead, not so much.
Thanks in advance for the help