The following are built-in rules for testing and demo:

  • Rule 2244 - DEMO RULE - ICMP (Request)
  • Rule 2245 - DEMO RULE - DNS (Request)
  • Rule 2246 - DEMO RULE - HTTP (Request)
  • Rule 2247 - DEMO RULE - SMB (Request)
  • Rule 2248 - DEMO RULE - SMTP (Request)
  • Rule 2249 - DEMO RULE - KERBEROS (Request)

To verify that the Network Content Inspection Engine (NCIE) or the demo rules are working properly, for instance with Rule 2245 - DEMO RULE - DNS (Request), perform the following on any host that is in a DDI monitored network:

  1. Use the nslookup command to generate a DNS request packet that resolves “ddi.detection.test”.
  2. Open the DDI web console and go to Detections > All Detections to verify that DDI has detected a violation.
  3. To see more detection information, check the Detail column.

    (Screenshot: All detections page)

    • Notice that the severity of every demo rule is 'Informational', and that the demo rules cover a few different attack phases.

      (Screenshot: Informational severity)

    • In addition, note that within the same hour DDI records at most 10 logs for each demo rule.
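As an added example (not from this article or from Trend Micro), the following Python script builds the same kind of DNS request that nslookup sends for ddi.detection.test, shows the QNAME an inspection engine extracts from it, and can send it through the monitored segment; the resolver address is an assumed parameter you supply.

```python
import random
import socket
import struct

# Hostname the DNS demo rule (Rule 2245) keys on, taken from the article.
TEST_NAME = "ddi.detection.test"


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard A-record DNS query (RFC 1035 wire format) for `name`."""
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: length-prefixed labels terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def qname_from_query(packet: bytes) -> str:
    """Parse the QNAME out of a DNS query, as an inspection engine would."""
    labels = []
    pos = 12  # skip the fixed 12-byte header
    while True:
        length = packet[pos]
        if length == 0:
            break
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def send_test_query(resolver: str, name: str = TEST_NAME, timeout: float = 2.0) -> bool:
    """Send the query over UDP/53 so the sensor sees it; True if any reply arrived."""
    packet = build_dns_query(name, txid=random.randint(0, 0xFFFF))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (resolver, 53))
        try:
            sock.recvfrom(512)
            return True
        except socket.timeout:
            # The request still crossed the wire; the demo rule matches the request, not a reply.
            return False


if __name__ == "__main__":
    import sys
    # Usage: python demo_dns.py <resolver-ip>  (resolver reached via the DDI monitored network)
    print("reply received:", send_test_query(sys.argv[1]))
```

The detection itself is still confirmed in the console under Detections > All Detections, as described in step 2.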

For more information about demo rules, refer to the Knowledgebase article: Using Deep Discovery Inspector (DDI) demo rules to validate monitored traffic.