Skip to main content Link Menu Expand (external link) Document Search Copy Copied
TechWorkshop L300 Understanding XDR

Task 07: Enable Live Response and upload a script

  1. In the leftmost pane, go to System > Settings.

  2. Select Endpoints.

  3. Stay on General > Advanced features.

  4. Verify whether Live Response, Live response for servers, and Live response unsigned script execution settings have been turned on. If not, turn it on and select Save.

    Containment-43.png

  5. In the leftmost pane, select Assets > Devices.

    Containment-44.png

  6. Select your onboarded Azure Windows VM, winvm-mde.

    Containment-45.png

  7. In the upper-right corner of the page, select the ellipsis to open the More actions menu, then select Initiate Live Response Session.

    Containment-46.png

  8. In the console, run dir to confirm access.

    Containment-47.png

  9. In the upper-right corner of the page, select Upload file to library.

    Containment-48.png

    Depending on window size, you may need to select the ellipsis in the upper-right corner of the page to open the More actions menu to see the option.

  10. In the flyout pane, select Upload file to library.

  11. On the lab VM, @lab.VirtualMachine(Workstation1).SelectLink, go to C:\Lab Files, select the lr-proof PowerShell script, then select Open.

    gdbvcoo7.jpg

    In production, sign your scripts.

  12. At the bottom of the flyout pane, select Submit.