Installing Azure ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-672065%22%20slang%3D%22en-US%22%3EInstalling%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672065%22%20slang%3D%22en-US%22%3E%3CP%3EI%20need%20help%20understanding%20how%2Fwhere%20the%20logs%20are%20sent%20to%20from%20EV%20from%20Azure%20ATP.%26nbsp%3B%20%26nbsp%3BWe%20currently%20have%20MS%20ATP%20running%20on%20all%20our%20DCs%20which%20is%20configured%20to%20push%20logs%20to%20our%20MS%20ATA%20Console%20Server.%3C%2FP%3E%3CP%3EMy%20Question%20is%20for%20the%20Azure%20ATP%20setup%20do%20I%20need%20to%20configure%20a%20server%20to%20host%20logs%20or%20are%20the%20logs%20seen%20through%20Azure%20Portal%3C%2FP%3E%3CP%3EI%20understand%20that%20first%20I%20must%20create%20Azure%20ATP%20instance%2C%20provide%20a%20username%20and%20PW%20to%20connect%20to%20our%20on-premise%20AD%2C%20then%20install%20and%20configure%20the%20Azure%20ATP%20sensors%20on%20all%20DCs%3C%2FP%3E%3CP%3ESo%20would%20I%20only%20need%20to%20login%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fportal.atp.azure.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Eportal.atp.azure.com%3C%2FSPAN%3E%3C%2FA%3E%26nbsp%3B%20to%20access%20event%20viewing%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20confirm%20I%20do%20NOT%20need%20an%20additional%20server%20to%20install%20the%20ATP%20console%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672246%22%20slang%3D%22en-US%22%3ERE%3A%20Installing%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672246%22%20slang%3D%22en-US%22%3EI%20found%20the%20answer%3A%20Azure%20ATP%20is%20the%20cloud-based%20version%20of%20Advanced%20Threat%20Analytics%20(ATA).%20ATA%20is%20an%20on-premises%20product.%20Deploying%20ATA%20involves%20installing%20an%20ATA%20server%20in%20your%20environment.%20Azure%20ATP%20is%20cloud-based%2C%20and%20requires%20no%20additional%20on-premises%20servers.%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I need help understanding how/where the logs are sent to from EV from Azure ATP.   We currently have MS ATP running on all our DCs which is configured to push logs to our MS ATA Console Server.

My Question is for the Azure ATP setup do I need to configure a server to host logs or are the logs seen through Azure Portal

I understand that first I must create Azure ATP instance, provide a username and PW to connect to our on-premise AD, then install and configure the Azure ATP sensors on all DCs

So would I only need to login to portal.atp.azure.com  to access event viewing?

 

I want to confirm I do NOT need an additional server to install the ATP console

 

1 Reply
Highlighted
I found the answer: Azure ATP is the cloud-based version of Advanced Threat Analytics (ATA). ATA is an on-premises product. Deploying ATA involves installing an ATA server in your environment. Azure ATP is cloud-based, and requires no additional on-premises servers.