
Microsoft Advanced Threat Analytics

45 Conversations


Are you interested in getting an early look at the cloud-based version of Advanced Threat Analytics? At the Ignite conference, we announced Azure ATP, a cloud-based version of ATA. You can enjoy your own instance free of charge for 6 months by signing up

33 Views
0 Reply

We have ATA 1.7 and I'm trying to upgrade to v1.8 with full data migration. The estimated migration time was supposed to be 13 hours, and now it's 24 hours and the upgrade is still running. Any idea?

25 Views
0 Reply

So, I'm having trouble understanding if Azure ATP is an Update/Addition to Microsoft ATA, or if this is a complete standalone product?

292 Views
5 Replies

It's a cloud version of the ATA product, so you will run ATA OR Azure ATP.

Hi

 

Just implemented ATA and the first alert I got was from the MSOL account Azure AD Connect creates from the server it is running on. Is this to be expected?

 

Thanks

T

58 Views
3 Replies

Are you expecting Azure AD Connect to run on that box? If yes, then exclude the machine from that detection.

We are receiving alerts that the ATA Lightweight Gateway service is restarting itself to protect the DC from a low memory situation.  I can't find any definitive documentation on what the limit is for this restart to occur.  If a server had 8GB of RAM, wh

96 Views
1 Reply
Check out this Ignite session. The presenters talk about this in the sizing section. The Lightweight Gateway will use up to 80%. https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Deploy-and-get-started-with-Microsoft-Advanced-Threat-Analytics/m-p/98684#M226

We’re pleased to announce a new way to give feedback on Microsoft Advanced Threat Analytics (ATA). Our User Voice site allows you to make suggestions, vote on other people’s suggestions, and stay up-to-date on product roadmaps. Check it out at https://microsoftsecurity.uservoice.com

236 Views
0 Reply

If you’re in the business of threat detection, you are probably familiar with the term “golden ticket”. For those less familiar, a golden ticket is the name of a Kerberos ticket that is manually created by an attacker after gaining access to your environm

468 Views
0 Reply

I am pleased to announce the 1st version of the ATA 1.7 SCOM Management Pack (v1.7.1.1). This 1st version covers ATA 1.7 and monitors the health of ATA. It is available in English today and we are working on localized versions to be released soon.

 

The M

778 Views
2 Replies

When can we expect this to be updated for ATA 1.8?

Hi,

I installed ATA today. And after the first field where to enter my notification address I thought ok. Maybe most people want to use an "outdoor" email box for this.

But then I wanted to "share" an entry with a colleague of mine. And there is also no "pe

79 Views
1 Reply

Can you please send an email to AskCESec [at] microsoft [dot] com. We can log this as a feature request, but we need some info about your deployment. We are working on


Recently there has been a lot of attention and a few different blog posts (references at the end of the post) regarding the use of Discretionary Access Control List (DACL) for privilege escalation in a Domain environment. This potential attack vector invo

162 Views
0 Reply

With the lightweight gateway, we are not seeing user information in the suspicious activity reports.  Do advanced security auditing policies need to be in place? 

 

This activity for instance was a remote execution attempt run in user context.  (script down

101 Views
0 Reply

How is everyone receiving release update notifications? The only thing I've heard from support is to subscribe to the blog or the Twitter feed. Would be nice to receive an email notification with release notes attached. 

211 Views
5 Replies
Thanks, I have the mail notification setting, 'Notify When New software update is available,' turned on. Is that all there is to it?

Hi Michael,

The ATA console will alert you when there is an update. You can also have ATA email you when it detects that update.

Hi folks,

I need a little help with ATA usage in China.

I would like to deploy ATA lightweight gateways in China and the licensing portal tells me that I'm not allowed to download ATA for deployment and usage in China. What if I deploy the ATA center in Ge

86 Views
0 Reply

Hi Microsoft Experts,

 

I have one ATA gateway running version 1.8 and one 2008 R2 DC (both are virtual machines on a single 2012 Hyper-V edition).

I am following the article below to configure port mirroring on the ATA gateway server to capture DC network traffic:

https://blogs.technet.microsoft.com/networking/2015/10/16/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine/

100 Views
0 Reply

Following a recent deployment of Advanced Threat Analytics (ATA) my client is getting "Remote execution attempt detected" alerts for their Veeam backup service account against several servers. This is a known service account and they would like to exclude

109 Views
0 Reply

Hi all,

 

Has anyone come up with a reasonable DR plan for ATA? Reasonable meaning, something beyond backing up the MongoDB, the config and in a DR event, building a new Center server. I already use a generic named with certs for the existing center server,

122 Views
0 Reply

Hi,

 

Quick question that I can't find the answer to. When ATA pops up an alert for some activity that it found, once the underlying system that created the activity is remediated, how long before the alert will be updated and the activity will be removed? So

90 Views
1 Reply

Hi Kevin,

The Suspicious Activities (alerts) do not auto-close. Once you fix the issue, you need to close the suspicious activity.

Hello,

I wanted to give some feedback to the ATA team, and also see what the community thinks at the same time.

 

In ATA v 1.6 there was a notes feature for each event. In v 1.7, to our surprise, this function has disappeared.

 

This was how we were documentin

115 Views
1 Reply

Hi Bill,

The feature is not back in 1.8. Can you please email me directly: ndicola AT microsoft dot com.

Since our upgrade to 1.8 a few weeks back, we've seen an interesting email blast issue. When certain lightweight gateways become unresponsive (seen also with Windows updates being applied), ATA sends thousands of health alerts per hour.

 

Anyone seen anyth

151 Views
2 Replies
Wow! Thankfully, I have not run into that issue just yet. I do get an alert when ATA loses connectivity to a gateway, but just the one.

The General Data Protection Regulation (GDPR) strengthens the right of individuals in the European Union (EU) to control their personal data and requires organizations to bolster their privacy and data protection measures. Enterprise Mobility + Security (

607 Views
0 Reply

I just ran a small test on our network and this is what came out after 30 minutes.

It seems ATA Lightweight Gateway is out of the question,

image001.png

176 Views
2 Replies

Teus,

That's not 100% correct. Looks like most of yours can be LWGW, just need a few additional resources. Is it possible to add those recommended CPU and memory to the


We are pleased to announce the general availability of Microsoft Advanced Threat Analytics (ATA) v1.8. This is a key release for our customers with several new features and improvements.

 

Cyberattacks continue to get more sophisticated, and so in turn, w

744 Views
3 Replies

My ATA server is running on Server 2016 Core, so I can't exactly launch the update GUI and force it to check for updates from Microsoft. I'm not seeing this update avail


Since we first implemented ATA a few months ago, it's periodically had an alert about one computer or another with a broken trust relationship.  However, when I follow up on that alert I can find no sign of a problem with the computer.  I don't see anythi

229 Views
0 Reply

Hi,

My name is Michael Dubinsky and I lead the product and security research teams for Microsoft ATA.

 

I'm super excited to start the TechCommunity for ATA. Working together with each and every one of our customers, partners and the entire community is wh

462 Views
2 Replies
This is Zeyad from INC tech - Kuwait. After we configure ATA, we get only the below alert: "Gateway not receiving network traffic The Gateway INC-ATA is not receiving mirr...

Check out this new video from Yoann Mallet, which will help you choose the right gateway type with Advanced Threat Analytics (ATA). This is the most important decision to be made when deploying ATA. The video contains guidance on how to make that decision

150 Views
0 Reply