Forum Discussion
ATA LWG not reading Bruteforce Attacks
Hi Marc,
Which protocol did you use? NTLM or Kerberos?
I guess NTLM because you see the events in the DC, do you see events 4776?
You can see here the configurations that should be validated: https://docs.microsoft.com/en-us/advanced-threat-analytics/install-ata-step6
The LWGW supposed to read these events automatically.
Thanks,
Tali
Hi Tali,
Thank you for your answer. I can see the events 4776, however no attacks have been detected.
- Tali AshOct 09, 2018Former Employee
Hi Marc,
From where did you try to generate the BF?
If normally a lot of users authenticate from this machine we won't generate BF from it.
Thanks,
Tali
- marc.biessyOct 09, 2018Copper Contributor
I tried to generate the traffic from two different machine, first a client connected to the domain, then from the ATA Center.
I generated more than 100 error logs, which is abnormal for the account, but it wasn't reported. How does the Gateway count for user account that are locked out but for which there are still brute force attempts ?