locked
ATA lightweight Gateway deployment Question RRS feed

  • Question

  • I ran the sizing tool in my vmware environment and it says I am able to deploy all lightweight gateways to all the DC's. My question is, does this means to analyze what ATA has found, I have to go to each DC and look at ATA, then move to the next box and so on?
    Monday, May 14, 2018 2:51 PM

All replies

  • What do you mean by "look at ATA" ?

    Monday, May 14, 2018 3:07 PM
  • What do you mean by "look at ATA" ?

    I mean after the installs are complete and you want to analyze ATA for threats on the DC's, how does that differwith the two gateways?
    Monday, May 14, 2018 3:39 PM
  • Once the Gateway service is installed, you don't need to be on the DCs any more.

    The Gateways are forwarding the relevant data to the Center machine,

    they you can browse the ATA Console from any machine that has network access to the Center machine,

    And there you can see all the relevant data for all the DCs you have monitored.

    Is a suspicious activity is reported, it will tell you which DCs were involved. 

    Monday, May 14, 2018 3:47 PM
  • Hello,

    There are two components for ATA: Gateway/Lightweight Gatewy, and ATA Center.

    Both of the Gateway or Lightweight Gateway are used for collecting and parse the data, and send the processed data to the ATA Center for analyzing.

    Thus, to analyze the suspicious activities, you should visit the ATA Center.

    Please refer to the following article for getting an overview of ATA architecture.

    https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-architecture

    Best regards,

    Andy Liu

     


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 15, 2018 8:21 AM