 Microsoft Sentinel users, are you looking for a way to validate analytic and automation rules? A simulated attack can help! By performing a simple Privilege Escalation attack on your resource, you can test whether an incident is created that matches the rule's criteria. This approach allows you to quickly verify that your rules are working correctly.

Source: https://dev.to/vincenthyacienth/how-to-perform-a-simulated-attack-to-validate-the-analytic-and-automation-rules-493f