How do we test if Advanced Threat Protection (ATP) is working?

Hi

ATP collects data from different sources like DNS etc.

You can try to find a C&C Server and resolve his DNS server. 

Should work, but tbh ATP is not hard to configure :) 

Hi

ATP collects data from different sources like DNS etc.

You can try to find a C&C Server and resolve his DNS server. 

Should work, but tbh ATP is not hard to configure :) 

I got it configured. I'm just trying to figure out how to test if it is working. How do I test it?

What about running in a PS command prompt:

 (Invoke-WebRequest "http://sophostest.com/callhome").Content

Note:
http://sophostest.com has a sample link to a number of Sophos Labs classified files and categories.  I guess you want the C2 link:

http://sophostest.com/callhome/index.html

Regards,

Jak

When I click http://sophostest.com/callhome/index.html

I get this screen. I suppose this is the expected result, correct?:

I guess that is the page from the XG.  I have a UTM so I get:


I assume you can find some logs on the XG for the block as well as at the client.  On the UTM there is evidence of the block.

Regards,
Jak