Does anyone have a benign, false positive site that can be used for testing of the IDS of Netskope?
Failing that, a true positive that I can turned the IDS on for in the Dev tenant?
I primarily want to see what it looks like in the logs so when I put it in monitor mode in production I know what I am looking for.
Thanks
It appears that the policy of preventing malicious downloads occurs before the IDS protection. I guess I could disable the Threat Protection policies temporarily in the Dev tenant and see what happens after that, but that might be more effort and more risky then the proposed results. I will think about it some more.
I think my desire now can be rated as a “nice to have” and I will just have to proceed to production claiming that the monitor only mode is safe enough in that it doesn’t perform any action.
You could also bypass the eicar hash while still retaining all other threat protection policies.
You could also bypass the eicar hash while still retaining all other threat protection policies.
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
