locked
ldap server in ata RRS feed

  • Question

  • Hello team i found  abnormal logins in to particular servers.

    if i am trying to see i found ldap server and hosts .

    what is the ldap server means its reflecting to ad server and other server s ?

    Friday, August 18, 2017 7:15 PM

Answers

  • Hello,

    Basically, the alert is generated because certain user account exhibited abnormal behavior, which were not seen over the last days. 

    For example, the user login to abnormal workstations, and access abnormal resources.

    In my opinion, you can take an investigation to this user account. 

    By the way, how long did the ATA monitor in the organization?


    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 23, 2017 9:49 AM

All replies

  • Hello,

    Do you mean there are lots of abnormal logins to ldap server?

    Could you please share the exact alert, which is generated by ATA?



    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 21, 2017 8:56 AM
  • Do you mean there are lots of abnormal logins to ldap server?

    yes

    Could you please share the exact alert, which is generated by ATA?

    Identity theft observing abnormal behaviour.

    Monday, August 21, 2017 5:46 PM
  • Hello,

    Basically, the alert is generated because certain user account exhibited abnormal behavior, which were not seen over the last days. 

    For example, the user login to abnormal workstations, and access abnormal resources.

    In my opinion, you can take an investigation to this user account. 

    By the way, how long did the ATA monitor in the organization?


    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 23, 2017 9:49 AM
  • We are monitoring from  past two weeks.

    we are new to ata .

    Friday, August 25, 2017 3:40 PM