Advanced Threat Analytics syslog /services

  • Question

  • Does ATA support Tripwire for syslog alerting? If Tripwire supports CEF format, I guess this will be compatible, but please confirm, Microsoft. Finally, does ATA only need the following Windows events to be read by the ATA lightweight: 4776, 4732, 4733, 4728, 4729, 4756, 4757?

    Do we need to add any other services like file server, database server, application server to be monitored by ATA lightweight gateway? I noticed this from the ATA Architecture diagram.
    Tuesday, October 17, 2017 12:22 PM

All replies

  • Hello,

    You should work with your Tripwire admin, and determine the format in which to send the data, RFC 3164 or 5424. ATA can support both of them. 

    Yes. Since ATA 1.8, the ATA Lightweight Gateway can read events locally; the events include 4776, 4732, 4733, 4728, 4729, 4756, 4757.

    You don't need to add any other services to be monitored by the ATA Lightweight Gateway. The ATA Lightweight Gateway can only monitor the traffic on the domain controller, and read the events mentioned above.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 18, 2017 7:37 AM
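
A check one could run on a captured sample of what the Tripwire side emits before pointing it at ATA, as an added example that is not part of the original thread: it classifies each line's syslog framing as RFC 3164 or RFC 5424 and reports whether the payload carries a CEF header. The sample lines, host name and vendor/product strings are constructed, and the code says nothing about how ATA itself parses messages.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(r"^<(\d{1,3})>[1-9]\d? \S+ (\S+) \S+ \S+ \S+ ")
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME ... (day is space-padded)
RFC3164 = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")
# CEF header: seven pipe-terminated fields after "CEF:"; a backslash escapes a pipe
CEF = re.compile(r"CEF:\d+\|(?:(?:[^|\\]|\\.)*\|){6}")
CEF_KEYS = ("version", "vendor", "product", "device_version",
            "signature_id", "name", "severity", "extension")

def parse_cef(line):
    """Return the CEF header fields as a dict, or None if no CEF header is present."""
    m = CEF.search(line)
    if not m:
        return None
    body = line[m.start() + len("CEF:"):]
    # Split on unescaped pipes only; everything after the 7th pipe is the extension.
    return dict(zip(CEF_KEYS, re.split(r"(?<!\\)\|", body, maxsplit=7)))

def classify(line):
    """Identify the syslog framing of one line and decode PRI and any CEF header."""
    out = {"framing": "unknown", "facility": None, "severity": None,
           "host": None, "cef": parse_cef(line)}
    for name, rx in (("RFC 5424", RFC5424), ("RFC 3164", RFC3164)):
        m = rx.match(line)
        if m and int(m.group(1)) <= 191:      # PRI = facility * 8 + severity
            pri = int(m.group(1))
            out.update(framing=name, facility=pri // 8, severity=pri % 8,
                       host=m.group(2))
            break
    return out

# Constructed sample lines (not captured from any real product)
SAMPLES = [
    "<134>Oct 17 12:22:00 tw-console01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Integrity change|5|src=10.0.0.5",
    "<134>1 2017-10-17T12:22:00Z tw-console01 exampleapp 4321 - - CEF:0|ExampleVendor|ExampleProduct|1.0|100|Integrity change|5|src=10.0.0.5",
    "tw-console01 integrity change detected",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = classify(s)
        print(r["framing"], r["facility"], r["severity"], r["host"], bool(r["cef"]))
```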
  • Thanks. Do I need to add any other services to be monitored by ATA Gateway, not the Lightweight Gateway? Thanks.
    • Edited by Darker007 Wednesday, October 18, 2017 8:56 AM
    Wednesday, October 18, 2017 8:56 AM
  • Hello,

    No, you don't need to add other services to be monitored by ATA Gateway.

    ATA Gateway only monitors the domain controllers by capturing the traffic to and from the domain controllers. Also, ATA Gateway can receive the events either from the SIEM servers or domain controllers with event forwarding configured.

    Best regards,

    Andy Liu



    Wednesday, October 18, 2017 9:07 AM