Forum Discussion
Systems_Online0101
Apr 27, 2020 | Copper Contributor
ATA Directory Services Account Behavior
(please see the two screenshots attached) Hello. I am seeing a large number of successful 4624 logon type 3 events coming from one of my Windows machines (a non-ATA related server), and the logon ac...
Gerson Levitz
May 03, 2020 | Iron Contributor
This is the Gateway querying the machines on the network to get a list of members of the local administrators group. This information is used for ATA to understand when there is a potential lateral movement path (LMP).
When a sensitive user logs in to a machine, ATA will calculate if there is a potential LMP, and the membership of the local administrator group from the machines on the network is required.
For more information on LMP see - https://docs.microsoft.com/en-us/advanced-threat-analytics/use-case-lateral-movement-path
Best
Gershon [MSFT]
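The following is an added example, not part of the thread and not ATA's actual algorithm: a simplified sketch of why local administrators membership is needed to work out a potential LMP to a sensitive user. All machine names, account names and data are constructed, and the one-hop rule (a local administrator on a machine can reach the accounts logged on there) is an assumption of this sketch.

```python
from collections import deque

# Constructed sample data (hypothetical names, not from the thread).
LOCAL_ADMINS = {          # machine -> accounts in its local Administrators group
    "WS01": {"helpdesk1"},
    "WS02": {"helpdesk1", "svc_backup"},
    "SRV-DB": {"svc_backup"},
    "SRV-APP": {"dbadmin"},
}
LOGON_SESSIONS = {        # machine -> accounts with a logon session there
    "WS01": {"alice"},
    "WS02": {"helpdesk1"},
    "SRV-DB": {"dbadmin"},
    "SRV-APP": {"domadmin"},
}
SENSITIVE = {"domadmin"}  # accounts tagged as sensitive


def exposed_accounts(account):
    """Accounts reachable in one hop: anyone logged on to a machine
    where `account` is a local administrator. Maps account -> machine."""
    hops = {}
    for machine, admins in LOCAL_ADMINS.items():
        if account in admins:
            for user in LOGON_SESSIONS.get(machine, ()):
                if user != account:
                    hops.setdefault(user, machine)
    return hops


def lateral_movement_path(start):
    """Breadth-first search from `start` to the nearest sensitive account.
    Returns [(account, machine), ...] or None when no path exists."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        account, path = queue.popleft()
        if account in SENSITIVE and path:
            return path
        for user, machine in sorted(exposed_accounts(account).items()):
            if user not in seen:
                seen.add(user)
                queue.append((user, path + [(user, machine)]))
    return None


if __name__ == "__main__":
    for acct in ("svc_backup", "helpdesk1", "alice"):
        print(acct, "->", lateral_movement_path(acct))
```

Each hop in a returned path names the local administrators membership that would have to be removed to break it.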
- Systems_Online0101 | Jun 02, 2020 | Copper Contributor
Gerson Levitz Thank you!