You can test specific Blumira detections after installing Blumira Agent on a Windows device. Follow the procedures below for the named detection rule and look for a related finding in the app after completing the steps.
Enumeration of Credentials in Registry
To test the detection “Enumeration of Credentials in Registry”:
- Open a command prompt and type
reg query HKLM /f password /t REG_SZ /s
- Press Enter.
Clearing of Windows Security Event Log
To test the detection “Clearing of Windows Security Event Log”:
- Open the machine’s Event Viewer.
- Under Windows Logs, right-click Security.
- In the options menu, click Clear Log, then click Clear to confirm the action.
findstr Password Discovery Activity
To test the detection “findstr Password Discovery Activity”:
- Open a command prompt and type this command, replacing <domain> with the local domain that the endpoint is on:
findstr /S /I cpassword \\<domain>\sysvol\<domain>\policies\*.xml
- Press Enter.
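The three tests above each leave a distinct trace in the Windows Security log: the first and third produce a process-creation event (EventID 4688) whose CommandLine field carries the reg.exe or findstr.exe invocation, and the second produces EventID 1102, which Windows writes whenever the Security log is cleared. The following is an added example, not Blumira's detection code, showing how a defender could match those traces with simple rules over a handful of constructed events. It assumes the "Include command line in process creation events" audit policy is enabled on the endpoint (without it, 4688 events have no CommandLine field and the first and third rules cannot fire); the event dictionaries, host and user names are made up for the example.

```python
import re
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed sample events, modelled on fields of the Windows Security log.
# EventID 4688 = process creation; CommandLine is populated only when the
# "Include command line in process creation events" policy is enabled.
# EventID 1102 = the Security audit log was cleared.
# User names and the domain "corp.example" are invented for this example.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\reg.exe",
     "CommandLine": "reg query HKLM /f password /t REG_SZ /s"},
    {"EventID": 1102, "SubjectUserName": "alice", "Channel": "Security"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\findstr.exe",
     "CommandLine": r"findstr /S /I cpassword \\corp.example\sysvol\corp.example\policies\*.xml"},
    # Benign look-alikes that the rules should NOT flag:
    {"EventID": 4688, "SubjectUserName": "svc",
     "NewProcessName": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\findstr.exe",
     "CommandLine": r"findstr /I error C:\logs\app.log"},
]


def _cmd(event: Dict) -> str:
    """Lower-cased command line, or empty string if the field is absent."""
    return (event.get("CommandLine") or "").lower()


def registry_credential_enum(event: Dict) -> bool:
    """Enumeration of Credentials in Registry: reg.exe query with /f and a
    search term containing 'password' (the page's test command)."""
    if event.get("EventID") != 4688:
        return False
    return re.search(r"\breg(?:\.exe)?\s+query\b.*\s/f\s+\S*password", _cmd(event)) is not None


def security_log_cleared(event: Dict) -> bool:
    """Clearing of Windows Security Event Log: EventID 1102 is emitted by the
    Security log itself when it is cleared, so the ID alone is the signal."""
    return event.get("EventID") == 1102


def findstr_password_discovery(event: Dict) -> bool:
    """findstr Password Discovery Activity: findstr.exe searching for the
    Group Policy 'cpassword' attribute."""
    if event.get("EventID") != 4688:
        return False
    return re.search(r"\bfindstr(?:\.exe)?\b.*\bcpassword\b", _cmd(event)) is not None


# Rule names mirror the detection names used on the page.
RULES: List[Tuple[str, Callable[[Dict], bool]]] = [
    ("Enumeration of Credentials in Registry", registry_credential_enum),
    ("Clearing of Windows Security Event Log", security_log_cleared),
    ("findstr Password Discovery Activity", findstr_password_discovery),
]


def run_detections(events: Iterable[Dict]) -> List[Dict]:
    """Apply every rule to every event; return one finding per (event, rule) hit."""
    findings = []
    for event in events:
        for name, predicate in RULES:
            if predicate(event):
                findings.append({
                    "rule": name,
                    "user": event.get("SubjectUserName"),
                    "evidence": event.get("CommandLine") or f"EventID {event.get('EventID')}",
                })
    return findings


if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(f"[{finding['rule']}] user={finding['user']} evidence={finding['evidence']}")
```

Running the block yields exactly three findings, one per test procedure, while the two benign reg.exe and findstr.exe invocations are left alone. The registry rule keys on the combination of a `query` with `/f` and a password-like term rather than on reg.exe alone, because plain `reg query` is routine administrative activity; the findstr rule keys on the `cpassword` token, which has no ordinary reason to appear in a file search.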