Hello, I'm trying to deploy/make use of the AEDA (advanced environmental drift analysis) module. How do I use it effectively in my environment?
AEDA is a tool that runs scheduled jobs in MSV on a regular basis and detects if the tests meet your requirements. Any change can be documented in a notification from the MSV platform. AEDA tests are best if they are relatively small. (No more than 20-25 actions, generally, per AEDA monitor.)
It is recommended to choose actions that you expect to not be blocked, as well as those that you expect to be blocked. For example, for a network monitor, you could do one action using the SSH protocol (which is expected to not be blocked) and another using FTP (which is expected to be blocked). A change in either of these results would show a huge change in the environment and warrant investigation.
Another nice explanation can be found here: https://www.googlecloudcommunity.com/gc/Security-Validation/Mandiant-Security-Validation-AEDA-as-you...
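As an added illustration of the monitor idea in the answer above (a small set of actions, each with an expected outcome, checked on every scheduled run so that any departure from the expectation is surfaced), here is a stand-alone Python model of the drift check. This is example code written for this page, not Mandiant Security Validation code, and it does not call the MSV API; the action names, the `Outcome` values, the 25-action cap and the sample run results are all constructed for the example. It goes slightly beyond the answer by labelling the direction of the drift, since an expected-blocked action that now succeeds (a weakened control) and an expected-allowed action that now fails (over-blocking or an outage) call for different responses.

```python
# Illustrative drift check modelled on the AEDA monitor described above.
# NOT Mandiant Security Validation code; it does not use the MSV API.
# Action names, Outcome values and the sample results are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Outcome(Enum):
    BLOCKED = "blocked"
    NOT_BLOCKED = "not_blocked"


@dataclass(frozen=True)
class Action:
    """One action in a monitor and the outcome it is expected to produce."""
    name: str
    expected: Outcome


@dataclass(frozen=True)
class Finding:
    action: str
    kind: str  # "control_gap", "unexpected_block" or "missing_result"
    expected: Outcome
    observed: Optional[Outcome]


# The answer recommends keeping a monitor to no more than 20-25 actions.
MAX_ACTIONS_PER_MONITOR = 25


def build_monitor(actions: List[Action]) -> List[Action]:
    """Validate a monitor: bounded size, unique names, and at least one
    expected-blocked and one expected-allowed action, so drift in either
    direction (control weakening or control over-blocking) is visible."""
    if not actions or len(actions) > MAX_ACTIONS_PER_MONITOR:
        raise ValueError(f"monitor must contain 1..{MAX_ACTIONS_PER_MONITOR} actions")
    names = [a.name for a in actions]
    if len(set(names)) != len(names):
        raise ValueError("duplicate action names in monitor")
    if {a.expected for a in actions} != {Outcome.BLOCKED, Outcome.NOT_BLOCKED}:
        raise ValueError("monitor should mix expected-blocked and expected-allowed actions")
    return list(actions)


def classify(action: Action, observed: Optional[Outcome]) -> Optional[Finding]:
    """Compare one run result against its expectation. None means no drift."""
    if observed is None:
        # The action produced no result at all (job failed, actor offline).
        return Finding(action.name, "missing_result", action.expected, None)
    if observed == action.expected:
        return None
    if action.expected is Outcome.BLOCKED:
        # Previously stopped traffic now gets through: a control has weakened
        # or been removed. The most urgent kind of drift.
        kind = "control_gap"
    else:
        # Previously permitted traffic is now stopped: a control or an outage
        # is over-blocking legitimate activity.
        kind = "unexpected_block"
    return Finding(action.name, kind, action.expected, observed)


def drift_report(monitor: List[Action], results: Dict[str, Outcome]) -> List[Finding]:
    """Evaluate one scheduled run; findings keep the monitor's action order."""
    return [f for f in (classify(a, results.get(a.name)) for a in monitor) if f]


def notification(findings: List[Finding]) -> str:
    """Plain-text summary of the kind a drift notification would carry."""
    if not findings:
        return "no drift"
    return "\n".join(
        f"{f.action}: {f.kind} (expected {f.expected.value}, "
        f"observed {f.observed.value if f.observed else 'none'})"
        for f in findings
    )


# Constructed network monitor following the SSH/FTP example in the answer.
NETWORK_MONITOR = build_monitor([
    Action("ssh-egress", Outcome.NOT_BLOCKED),
    Action("ftp-egress", Outcome.BLOCKED),
])

# Constructed results: a clean run, then a run where both outcomes flipped.
BASELINE_RESULTS = {"ssh-egress": Outcome.NOT_BLOCKED, "ftp-egress": Outcome.BLOCKED}
DRIFTED_RESULTS = {"ssh-egress": Outcome.BLOCKED, "ftp-egress": Outcome.NOT_BLOCKED}

if __name__ == "__main__":
    print(notification(drift_report(NETWORK_MONITOR, BASELINE_RESULTS)))
    print(notification(drift_report(NETWORK_MONITOR, DRIFTED_RESULTS)))
```

The `build_monitor` check enforces the answer's two pieces of advice at definition time: a monitor stays small, and it always contains both an expected-blocked and an expected-allowed action, so a run that silently allows everything or silently blocks everything cannot look clean.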