Ability to test rules (Detection/Applicability)

Created: 02 Oct 2013 | 1 comment
jlawson
3 Agree
0 Disagree
+3 3 Votes

It would be really nice to have a function when creating rules to test the rule against a system or systems before putting it in use like a task or something.

This forces me to test it against PCs, and I have to have PCs lying around in order to test this; otherwise it ends up affecting production systems.

Comments

burndtjammer

Here's what I do:

I install the software on a tech computer or VM. I then build the software resource and detection rule. I save the resource and then RC on it and create a targeted software inventory policy. On the computer with the software installed, update config and then run the inventory policy you just created. This will show you whether it will pass detection when you build the software delivery policy. (Test on a computer that doesn't have the SW installed as well to show that it will fail detection.)

As far as applicability, yes, that would be nice.

It would be nice to just see in the console or resource manager if an item will pass or fail.