contentctl
Question: how to test existing detections?
Hi,
this is probably a newcomer question, but I did not find a solution:
The default installation tests the "Anomalous usage of 7zip" detection, because it is installed under /contentctl/detections/endpoint as the only detection that is available. But how am I expected to test other already existing detections from the attack range?
Should we copy content from the attack range project into the /contentctl/detections directory, or what is the workflow?
Background: Before integrating our own detections, I would like to see other detections, i.e. other examples from the attack range which have already been tested positive.
Kind regards