Types of alerts in Advanced Threat Analytics

  • Question

  • Hello Team,

    I am new to ATA. I have a few questions on ATA; please help me out with the ATA issues.

     

    1. What is a sensitive account?

    2. What are the high and medium alerts?

    3. To my knowledge, someone tries reconnaissance against the destination server and will then steal or attack?

    4. Before going to a high alert, will it show a medium alert like reconnaissance? Is that correct, or will the attacker directly attack the destination server?

    5. I found one incident where identity theft was stolen. It is in the high alert. What would be the resolution for this type of issue?

    Thursday, August 17, 2017 8:39 PM

Answers

  • 1. https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-technical-faq#why-are-certain-accounts-considered-sensitive

    2. It's just a level of severity we have for the different alerts; high alerts are considered a bigger risk compared to medium.

    3. Not sure I understood the question.

    4. The alert level is bound to the SA type and won't change over time.

    5. Can you share the Excel export? There are several alerts that deal with identity theft.

    Thursday, August 17, 2017 9:07 PM
  • Hello,

    Basically, there are various phases in an advanced attack. In each phase, ATA can provide detections for advanced attacks.

    You can get the details about the threats ATA detects by referring to the following article.

    https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-threats

    Additionally, the following article should be helpful for understanding ATA suspicious activity alerts.

    https://blogs.technet.microsoft.com/enterprisemobility/2016/11/04/understanding-ata-suspicious-activity-alerts/

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 18, 2017 7:12 AM

All replies

  • Hello Eli, thanks for your quick response.

    I will let you know the issues in Monday's posts.

    Friday, August 18, 2017 6:24 PM