The Infection Monkey can help you verify that your security solutions are working the way you expected them to. These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
The default configuration is good enough for many cases, but configuring testing scope and adding brute-force credentials is a good bet in any scenario.
Running the Monkey manually on both the Island and a few other machines in the network is also recommended, as it increases coverage and propagation rates.
After running the Monkey, follow the Monkeys’ actions on the Monkey Island’s infection map.
Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security solutions are identifying and correctly alerting on different attacks.
While running this scenario, be on the lookout for the action that should arise: Did you get a phone call telling you about suspicious activity inside your network? Are events flowing into your security events aggregators? Are you getting emails from your IR teams? Is the endpoint protection software you installed on machines in the network reporting on anything? Are your compliance scanners detecting anything wrong?
Lastly, check the Zero Trust and MITRE ATT&CK reports to see which attacks could be executed on the network and how to fix them.
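One way to turn the "match the Monkey timeline to your SIEM" step into a repeatable check, as an added example that is not part of the Infection Monkey project: correlate each Monkey action with the SIEM rule you expect to fire for it, on the same host and within a short window. The timeline and alert records below are constructed sample data; their field names and the action-to-rule mapping are assumptions, not the Monkey Island's export format or any SIEM's schema.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data; field names are assumptions, not the Monkey Island's
# actual export format or any particular SIEM's schema.
MONKEY_TIMELINE = json.loads("""[
  {"time": "2024-03-01T10:00:05Z", "host": "10.0.0.5", "action": "port_scan"},
  {"time": "2024-03-01T10:01:10Z", "host": "10.0.0.7", "action": "ssh_brute_force"},
  {"time": "2024-03-01T10:02:30Z", "host": "10.0.0.9", "action": "smb_exploit"}
]""")
SIEM_ALERTS = json.loads("""[
  {"time": "2024-03-01T10:00:20Z", "host": "10.0.0.5", "rule": "Network scan detected"},
  {"time": "2024-03-01T10:01:30Z", "host": "10.0.0.7", "rule": "Multiple SSH auth failures"},
  {"time": "2024-03-01T09:50:00Z", "host": "10.0.0.9", "rule": "SMB exploitation attempt"}
]""")

# Which SIEM rule(s) you expect to fire for each Monkey action (assumed mapping).
EXPECTED_RULES = {
    "port_scan": {"Network scan detected"},
    "ssh_brute_force": {"Multiple SSH auth failures"},
    "smb_exploit": {"SMB exploitation attempt"},
}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def detection_coverage(timeline, alerts, window=timedelta(minutes=5)):
    """For each Monkey action, look for an expected SIEM rule on the same host that
    fired at or after the action and within `window`. Alerts that predate the
    action (stale noise) or sit on a different host do not count as detections."""
    results = []
    for event in timeline:
        start = parse_ts(event["time"])
        wanted = EXPECTED_RULES.get(event["action"], set())
        match = None
        for alert in alerts:
            fired = parse_ts(alert["time"])
            if (alert["host"] == event["host"] and alert["rule"] in wanted
                    and start <= fired <= start + window):
                match = alert["rule"]
                break
        results.append({"host": event["host"], "action": event["action"],
                        "detected": match is not None, "rule": match})
    return results

def coverage_ratio(results):
    return sum(r["detected"] for r in results) / len(results) if results else 0.0

if __name__ == "__main__":
    res = detection_coverage(MONKEY_TIMELINE, SIEM_ALERTS)
    for r in res:
        print(("DETECTED " if r["detected"] else "GAP      ") + f"{r['host']} {r['action']} {r['rule'] or ''}")
    print(f"coverage: {coverage_ratio(res):.0%}")
```

With the sample data, the SMB action on 10.0.0.9 shows up as a gap because its only alert fired before the Monkey acted, which is exactly the kind of stale or coincidental alert a manual eyeball comparison tends to accept.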