Oct 11 2018 09:40 AM - edited Oct 15 2018 10:33 PM
I can't seem to find one, but I'm wondering what the timing is for a Management Pack for ATP? Or if there is a third-party solution?
The ATA management pack is simple, but exactly what I need. It surfaces all alerts into SCOM so that it can be my single pane of glass. I'd like to have that for ATP so that there is one less portal I have to check.
Any suggestions or workarounds are welcome!
EDIT: UserVoice suggestion for a SCOM MP: https://microsoftsecurity.uservoice.com/forums/905791-azure-advanced-threat-protection-ata-in-the-cl...
Oct 11 2018 10:18 AM
Hi
We don't have an MP for Azure ATP. The ATA MP uses events from the ATA center, so that wouldn't be possible in AATP as there is no ATA center.
My recommendation would be to look at collecting syslog with SCOM. Then have AATP send syslog to SCOM.
http://cornasdf.blogspot.com/2010/06/syslog-monitoring-walkthrough-with.html
Oct 11 2018 10:26 AM
Oct 15 2018 05:02 AM
Oct 15 2018 05:44 AM
No roadmap or timeline. We have no plans for an AATP MP.
There is no HA option for the Sensors.
Oct 15 2018 10:27 PM
That's really a shame. I'll leave a suggestion on UserVoice.
Oct 15 2018 10:33 PM
Vote here for an AATP Management Pack for SCOM: https://microsoftsecurity.uservoice.com/forums/905791-azure-advanced-threat-protection-ata-in-the-cl...