Microsoft Advanced Threat Analytics

How is everyone receiving release update notifications? The only thing I've heard from support is to subscribe to the blog or the Twitter feed. Would be nice to receive an email notification with release notes attached. 

Hi Michael,

The ATA console will alert you when there is an update. You can also have ATA email you when it detects that update.

There's a good article in Dark Reading today by Michael A. Davis:

"We've all seen them — you might even have one open right now: an Excel spreadsheet with red, greens, and yellows that tell you where your risk is. You probably follow the simple conventi

In general, we need to understand the threat model within a domain. For example, in a company when we are assessing threats for the finance department, protecting Excel and fina...

A bank in Poland previously discovered unknown malware running on several of its computers, exposing a wave of attacks that affected organizations from at least 31 countries.

What’s unique about this attack, is the usage of a piece of sophisticated mali

If they are running entirely in memory, then after a restart they will be wiped out. But for many devices, they normally won't restart regularly unless there is an update...

Hi,

I am seeing a lot of "Suspicious Activity" in ATA relating to "Reconnaissance using directory services enumeration" from clients and servers.

I believe this was addressed in an earlier build of 1.7; am I safe to assume that these incidences are worthy

Hi,

As you mentioned this is a known issue with ATA 1.7.
In some cases this suspicious activity can be caused by legitimate security solutions running on endpoints and ser

Hi there,

I have a quick question about Microsoft Advanced Threat Analytics (ATA). How can we integrate ATA with Cisco ASA (Adaptive Security Appliance) firewall logs? And if it's possible, what will be the implementation requirements for any organization?

Hi,

ATA does not integrate with FW logs from any vendor. Today it only collects Windows event logs from the DCs, which can be captured using a supported SIEM or Windows Ev

I am pleased to announce the 1st version of the ATA 1.7 SCOM Management Pack (v1.7.1.1). This 1st version covers ATA 1.7 and monitors the health of ATA. It is available in English today and we are working on localized versions to be released soon.

The M

We're currently running ATA version 1.7.5757.57477 and as I was following along with the ATA Playbook, I performed three commands to see if I could generate the alerts in ATA:

  1. nslookup ls -d <domain> (this failed)
  2. net user /domain (this failed)
  3. net group /d

Are you running the runbook on a Server or on a client OS?

Hi

I ran through the playbook today but I had a few issues.

Step 9: PowerSploit appears to have a bug with PowerShell 5.0 that means the Get-NetLocalGroup cmdlet doesn't work (obviously not the ATA playbook authors' fault, just putting it out there)

Step 1

We're glad you liked the Playbook, and thanks for shouting out, Robert. I'm sure @Ophir Polotsky, @Hadi Inja, @Michael Dubinsky, @Benny Lakunishok, and @Ryan Heffernan wi

I have several clients who have purchased thousands of EM+S licenses, but they did not purchase a license for every one of their employees, i.e., they did not purchase licenses for employees that seldom use a computer.

What is the appropriate way to use and

Hi Dean,

As mentioned by Peter, the ATA product does not have flexibility with regards to the number of licensed seats. The licensing requirement is to have a valid license

For all other users that have no EM+S you can purchase a

Standalone license - Open L&SA

https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics-pricing

@Hadi Inja may help with the licensing inquiry.

EMS+ is all about identity security and NOT PC/computer centric. One license per user.

Dean Gross wrote:

I have several clients who have purchased thousands of EM+S licenses

ATA Attack Simulation playbook is now available to download here.

Great Playbook indeed, thanks for sharing @Ophir Polotsky! According to the ATA team, they've written this playbook so it contains:

  1. A step-by-step guide to simulating d

Thanks for sharing! :)
Thanks for sharing!

Hi,

The max pps supported by the ATA Center is 400k.

If you have more than 400k, can you deploy in a hierarchical mode?

Max pps in LGW is 10k. Are these hardcoded values or best practices?

Will there be a new version with more capacity?

Potentially, even with 1.7 you can support more than 400K pps; we are in the process of updating the documentation for that actually.
What is the amount you are dealing wi

Hi,

If you have more than 400k, can you deploy in a hierarchical mode? No. You can deploy multiple Centers (based on Geo/Domains/etc.) and send alerts from all Centers to

Hi,

My name is Michael Dubinsky and I lead the product and security research teams for Microsoft ATA.

I'm super excited to start the TechCommunity for ATA. Working together with each and every one of our customers, partners and the entire community is wh

Lead security engineer Michael Dubinsky demonstrates Microsoft Advanced Threat Analytics. He goes over attack scenarios and shows how ATA detection works in near real time. He also goes over how ATA integrates with existing SIEM solutions.

Really nice video about ATA features!

Watch Michael Dubinsky onstage at Microsoft Ignite conducting real-life hacks, and showcasing how Advanced Threat Analytics detects advanced targeted attacks.

https://www.youtube.com/watch?v=pt7nsmriloQ
