Hey again!
I'm developing an integration between Sophos Central (Endpoint Protection) and another service, and one of the API endpoints I go to is the detected exploits one.
I am able to access the endpoint for listing and getting a single object, but I don't have any objects to parse. Is there a way to create detected exploits to fetch with the API?
Hi Lior Dahan1,
There currently isn't a way to create a dummy entry for parsing the return data. I will talk to the PM about this and see what we can do. Currently the only way is to actually generate a detection on the machine.
RichardP
Snr. New Product Introduction Engineer | CISSP | Sophos Technical Support
Thanks for the answer!
If it is impossible to generate a dummy, can you guide me on how to generate a detection even if it's real?
You can use these to have a secure test and trigger an event:
Or you can search for common ransomware test files like "Locky" or "WannaCry" at your own risk. I'm not allowed to share these files directly here, as we have to follow the community guidelines. Please be aware that running malicious files could harm your system. Consider using a virtual machine to run them. Don't forget to enable Sophos products on the testing devices, and make sure you've secured your VM environment (network isolation, disabling copy & paste, etc.).
Thanks,
Intrusus
Sophos Certified Engineer | Sophos Certified Technician
Private lab: XG Firewall with SFOS 18.0.3 MR-3; Intercept X Advanced (for Server) with EDR EAP latest
I did run some of the files in the links and they do get picked up as alerts, but whenever I query the detected exploit REST endpoint it is empty.
Detected Exploits are specific to the Intercept X elements and can't be triggered easily. I have reached out to the PM to see if we can provide a solution for this - even if it is dummy seed data into the account. I will keep you advised.