ATA and Exchange OWA brute-force attack

We were hit with a brute-force attack on our Exchange server last week, but ATA did not detect anything wrong. Should it have warned me that a single IP address was logging into our Exchange server (via OWA) all day and night with different user accounts?

1 Reply

@James Auman 

Which exact version of ATA?

Any health issues reported in the console?

Do you have full DC coverage with Gateways?

How many different accounts were attempted? How many of them were existing accounts?

During which time span?

 

The fact that this was a single IP with many attempts would not alone trigger an alert, or we would have alerted on many false positives...
Answers to the above questions might give more clarity about what happened...
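
An added example, not part of the thread and not ATA's detection logic: one way to answer the reply's questions (how many accounts, how many existing, over what time span) from sign-in records. The log format, the sample lines, the account list and the 10-minute window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the thread): time, source IP, account, result.
SAMPLE = """\
2024-03-01T02:00:05 203.0.113.7 alice FAIL
2024-03-01T02:00:09 203.0.113.7 bob FAIL
2024-03-01T02:00:14 203.0.113.7 nosuchuser1 FAIL
2024-03-01T02:00:20 203.0.113.7 carol FAIL
2024-03-01T02:00:31 203.0.113.7 nosuchuser2 FAIL
2024-03-01T09:15:00 198.51.100.4 alice FAIL
2024-03-01T09:15:20 198.51.100.4 alice OK
2024-03-01T14:40:00 203.0.113.7 dave FAIL
"""
KNOWN_ACCOUNTS = {"alice", "bob", "carol", "dave"}  # assumed directory export

def parse(text):
    """Yield (timestamp, ip, account, result) from the constructed format."""
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account.lower(), result

def summarize(text, known, window=timedelta(minutes=10)):
    """Per source IP: failed attempts, distinct accounts, how many exist,
    time span, and the peak number of distinct accounts in any window."""
    by_ip = defaultdict(list)
    for ts, ip, account, result in parse(text):
        if result == "FAIL":
            by_ip[ip].append((ts, account))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        recent, peak = deque(), 0
        for ts, account in events:
            recent.append((ts, account))
            while ts - recent[0][0] > window:  # drop events older than the window
                recent.popleft()
            peak = max(peak, len({a for _, a in recent}))
        accounts = {a for _, a in events}
        report[ip] = {
            "failures": len(events),
            "distinct_accounts": len(accounts),
            "existing_accounts": len(accounts & known),
            "span": events[-1][0] - events[0][0],
            "peak_distinct_in_window": peak,
        }
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE, KNOWN_ACCOUNTS).items():
        print(ip, row)
```

Comparing the peak number of distinct accounts per window, rather than raw attempts per IP, keeps a single user retrying a password from looking like a spray.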