Honeypot Account Event Not Triggering Event

All replies

• 

  

  0

  Sign in to vote

  First I would suggest to upgrade to the latest version 1.8 Update 1(1.8.1),

  Second - yes, if the DC you logon against was indeed monitored by ATA Gateway,

  Look both on the Gateway logs and the Center's logs to see if there are any errors that might block the system.

  Also, you can try to simulate DNS recon which is easier, if that doesn't work also, it's more likely a system wide problem.

  see https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-using-logs

  Wednesday, November 29, 2017 8:50 PM
• 

  

  0

  Sign in to vote

  Hello,

  Before viewing the logs, you may first check out that the ATA Gateway/ATA Lightweight Gateway is running, and  communicating with ATA Center correctly. 

  You also can try to use this account on another workstation, and then to see if an alert is generated from ATA.

  In addition, you can find out the logs by referring to the following documentation.

  https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshooting-ata-using-logs

  Best regards,

  Andy Liu

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Thursday, November 30, 2017 10:05 AM
• 

  

  0

  Sign in to vote

  I made the mistake of surprising the alert. Thanks for the suggestions.

  • Marked as answer by LimeCrazy Friday, December 1, 2017 8:28 PM

  Friday, December 1, 2017 8:28 PM