Forum Discussion
John Louden
Aug 07, 2018 (Copper Contributor)
Generating alerts
Hi all, we've started rolling out EMS5 to our users, and have deployed the ATP Sensor on our DCs. The daily reports are working as expected but we have yet to see an alert. I've tried the FAQ t...
Mtee-
Feb 05, 2019 (Copper Contributor)
Hello!
Tried simulating the sensitive group alert but did not get any alert when adding users to Domain Admins etc. The actions are shown if the user is searched for from the top-right corner search bar, but it does not alert in the timeline.
Why is that?
Tali Ash
Feb 05, 2019 (Former Employee)
Hi Mtee- ,
Suspicious modifications of sensitive groups require a learning period of 4 weeks per DC.
The detection relies on events audited on domain controllers. Make sure your domain controllers are auditing the events needed.
Do you see any data in the Modification to sensitive groups report?
Thanks,
Tali
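One way to run the audit check suggested in the reply above, as an added example that is not part of the original thread or of any Microsoft tooling. It assumes the ActiveDirectory module, PowerShell remoting to each domain controller, and English-language `auditpol` output; the "Security Group Management" subcategory and event IDs 4728, 4732 and 4756 are not named in the thread and are used here as the standard Windows events for members added to security groups.

```powershell
# Added example: per-DC check that group membership changes are audited and logged.
Import-Module ActiveDirectory

# Member added to a security-enabled global (4728), local (4732) or universal (4756) group
$groupAddEventIds = 4728, 4732, 4756

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    Invoke-Command -ComputerName $dc.HostName -ArgumentList (,$groupAddEventIds) -ScriptBlock {
        param($ids)

        # Effective audit setting for the subcategory that produces these events
        $line = auditpol /get /subcategory:"Security Group Management" |
            Select-String 'Security Group Management' | Select-Object -Last 1
        $setting = if ($line) {
            ($line.Line -replace '^\s*Security Group Management\s*', '').Trim()
        } else {
            'Unknown'
        }

        # Group membership additions recorded on this DC in the last 7 days
        $events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddDays(-7)
        } -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            DomainController = $env:COMPUTERNAME
            AuditSetting     = $setting
            SuccessAudited   = $setting -match 'Success'
            EventsLast7Days  = $events.Count
        }
    }
}

$results | Sort-Object DomainController |
    Format-Table DomainController, AuditSetting, SuccessAudited, EventsLast7Days -AutoSize
```

A DC showing `No Auditing`, or zero events after a test group change made against it, is not producing the data the detection relies on.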
- Mtee-, Feb 05, 2019 (Copper Contributor)
Hello.
Thank you for the reply. Apparently my issue is that 4-week learning period.
Created the AATP instance a week ago, so that is the reason.