Microsoft Advanced Threat Analytics

54 Conversations

Latest Activity

Hello, do I need to configure port mirroring for all domain controllers or just one domain controller per domain or subdomain? For example, if I have a subdomain with 2 servers, do I need to configure both servers? Is it possible to mix ATA Gateway and ATA Lightweight Gateway?

17 Views
1 Reply

For best results, monitor ALL DC machines in the forest.

You can mix Gateways and Lightweight Gateways; this is a common practice.

For Lightweight you won't need port mir

Best Response confirmed by João Garcias (Visitor)

A majority of IT teams use Virtual Private Network (VPN) connections as a method to grant remote users access to corporate resources from outside the company’s network. A VPN connection provides employees flexibility by allowing them to work on the go and

522 Views
5 Replies
Any timelines to share on Citrix VPN Netscaler support?

When will you support other VPN vendors like Barracuda NG?

Hello, need assistance with VPN integration. Using Microsoft Network Policy Server and have set up accounting in my connection policy to send events to multiple gateway se...

Hi there,

I have a quick question about Microsoft Advanced Threat Analytics (ATA). How can we integrate ATA with Cisco ASA (Adaptive Security Appliance) firewall logs? And if it is possible, what will be the implementation requirements for any organization?
259 Views
2 Replies

Hi,

ATA does not integrate with FW logs from any vendor. Today it only collects Windows event logs from the DCs, which can be captured using a supported SIEM or Windows Ev

Hi,

I would like to enquire if there is a feature where ATA can detect unusual sign-in activity, where it can pick up if a user logged in from the US and then from Australia, basically something similar to what Microsoft or Google sends a user when it
68 Views
1 Reply

Not yet

Eli

Hi,

We have had Microsoft ATA v1.7 running for around a year now, but recently the services have stopped and will not start. I also noticed that an optional update has been installed to upgrade to v1.8.

The service and Windows logs state "The Microsof
99 Views
3 Replies

Please run the following on the Center machine from Mongo's bin folder:

Mongo.exe ATA --eval "var collectionNames = db.getCollectionNames(), indexes = [];collectionNames.forEach(functi

Please watch the Azure Advanced Threat Protection Demo. This demo shows a real-time Active Directory attack and Azure ATP in action. It covers:

DNS Reconnaissance Attack
Overpass-the-Hash to Kerberos TGT (Ticket Granting Ticket)
Access Resource through TGT
Doma
106 Views
0 Reply

Please watch the Azure Advanced Threat Protection Demo. This demo shows a real-time Active Directory attack and Azure ATP in action. It covers:

DNS Reconnaissance Attack
Overpass-the-Hash to Kerberos TGT (Ticket Granting Ticket)
Access Resource through TGT
Domai
127 Views
0 Reply

Our ATA server triggered an alert and the report shows the type as kerberosAp. I would like to know what kerberosAp means.

71 Views
1 Reply

Kerberos AP typically means Kerberos Authentication Package, meaning the logon process and Kerberos authentication steps.

Hi All,

We are deploying the ATA environment and are facing challenges choosing the right gateway for the deployment. The ATA capacity planning tool report shows that busy packets per second exceed 50000 on one of the DCs, and there is a limitation o
137 Views
1 Reply

Hi,

Is this DC a target of DNS, or maybe a backup or identity sync job? Is only this DC very high in packets per second? If so, I recommend you look at what is causing the high

We know that attackers can often use legitimate tools to take malicious actions. Recent incidents have been perpetrated using a known technique called Remote Code Execution (RCE) to spread malware inside a target network. This technique can be executed us

262 Views
0 Reply

Are you interested in getting an early look at the cloud-based version of Advanced Threat Analytics? At the Ignite conference, we announced Azure ATP, a cloud-based version of ATA. You can enjoy your own instance free of charge for 6 months by signing up

168 Views
0 Reply

We have ATA 1.7, and while I'm trying to upgrade to v1.8 with full data migration, the estimated migration time was supposed to be 13 hours; it has now been 24 hours and the upgrade is still running. Any idea?

104 Views
0 Reply

So, I'm having trouble understanding if Azure ATP is an Update/Addition to Microsoft ATA, or if this is a complete standalone product?

728 Views
5 Replies

It's a cloud version of the ATA product, so you will run ATA or Azure ATP.

Hi

Just implemented ATA and the first alert I got was from the MSOL account Azure AD Connect creates from the server it is running on. Is this to be expected?

Thanks

T

147 Views
3 Replies

Are you expecting Azure AD Connect to run on that box? If yes, then exclude the machine from that detection.

We are receiving alerts that the ATA Lightweight Gateway service is restarting itself to protect the DC from a low-memory situation. I can't find any definitive documentation on what the limit is for this restart to occur. If a server had 8GB of RAM, wh
165 Views
1 Reply
Check out this Ignite session. The presenters talk about this in the sizing section. The Lightweight Gateway will use up to 80%. https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Deploy-and-get-started-with-Microsoft-Advanced-Threat-Analytics/m-p/98684#M226

We’re pleased to announce a new way to give feedback on Microsoft Advanced Threat Analytics (ATA). Our User Voice site allows you to make suggestions, vote on other people’s suggestions, and stay up-to-date on product roadmaps. Check it out at https://microsoftsecurity.uservoice.com

310 Views
0 Reply

If you’re in the business of threat detection, you are probably familiar with the term “golden ticket”. For those less familiar, a golden ticket is the name of a Kerberos ticket that is manually created by an attacker after gaining access to your environm

564 Views
0 Reply

I am pleased to announce the 1st version of the ATA 1.7 SCOM Management Pack (v1.7.1.1). This 1st version covers ATA 1.7 and monitors the health of ATA. It is available in English today and we are working on localized versions to be released soon.

The M
890 Views
2 Replies

When can we expect this to be updated for ATA 1.8?

Hi,

I installed ATA today. And after the first field where to enter my notification address I thought OK, maybe most people want to use an "outdoor" email box for this.

But then I wanted to "share" an entry with a colleague of mine. And there is also no "pe
141 Views
1 Reply

Can you please send an email to AskCESec [at] microsoft [dot] com. We can log this as a feature request, but we need some info about your deployment. We are working on

Recently there has been a lot of attention and a few different blog posts (references at the end of the post) regarding the use of Discretionary Access Control List (DACL) for privilege escalation in a Domain environment. This potential attack vector invo

222 Views
0 Reply

With the Lightweight Gateway, we are not seeing user information in the suspicious activity reports. Do advanced security auditing policies need to be in place?

This activity, for instance, was a remote execution attempt run in user context. (script down
179 Views
0 Reply

How is everyone receiving release update notifications? The only thing I've heard from support is to subscribe to the blog or the Twitter feed. It would be nice to receive an email notification with release notes attached.

297 Views
5 Replies
Thanks, I have the mail notification setting, 'Notify When New software update is available,' turned on. Is that all there is to it?

Hi Michael,

The ATA console will alert you when there is an update. You can also have ATA email you when it detects that update.

Hi folks,

I need a little help with ATA usage in China.

I would like to deploy ATA Lightweight Gateways in China, and the licensing portal tells me that I'm not allowed to download ATA for deployment and usage in China. What if I deploy the ATA Center in Ge
137 Views
0 Reply

Hi Microsoft Experts,

I have one ATA Gateway running version 1.8 and one 2008 R2 DC (both are virtual machines on a single 2012 Hyper-V edition).

I am following the article below to configure port mirroring on the ATA Gateway server to capture DC network traffic:

https://blogs.technet.microsoft.com/networking/2015/10/16/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine/

139 Views
0 Reply

Following a recent deployment of Advanced Threat Analytics (ATA) my client is getting "Remote execution attempt detected" alerts for their Veeam backup service account against several servers. This is a known service account and they would like to exclude

167 Views
0 Reply