User Profile
af-00001
Brass Contributor
Joined 6 years ago
User Widgets
Recent Discussions
What is going on with ATA?
Hi ATA team, Don't get me wrong I still see the value in ATA, but the value I see it in it is diminishing day by day. There are number of things which are really starting to concern me with this product. No updates for almost a year, possibly longer (I cant find the date 1.9 was released, and 1.9.1 I don't think added any new features) Completely failed during red team exercise (Missed both enumeration and lateral movement), despite feeding back the problems, nothing came from it. So at the point it should deliver value, it provided zero. Which makes me question why do we pay for it? Large known gaps in detections, like zero detection for any enumeration via ldap. Given tools like bloodhound do all their work over ldap this is not good. The integration with 3rd Party SIEMs is basic at best. Alerts via feeds to SIEMs are not stand-alone (ie contain all the information you need), forcing you back to the portal, this simply does work when your SOC is provided by an MSP with lots of clients. If I cant integrate it with our SOC well, I don't get the value from the product I should. I have had support tickets open for over a year, for agents not starting. To the point we have just given up trying to get the agent to run on some of our domain controllers. I have tired reaching out to the product team multiple times with issues, but nothing ever seems to get resolved. It appears to me that all resource goes towards AzureATP, leaving us ATA customers getting the short end of the stick. So what is going on with ATA? Regards James2.1KViews0likes7Comments