none
ATA reports events, now what?

    Question

  • Hi,

    1. Is there a way to setup ATA to send email notifications to someone when certain events occur? e.g. pass-the-hash has just happened, notify the admin

    2. Is there a way to setup ATA to execute something when a certain event occurs? e.g. execute a custom powershell script when pass-the-hash is detected

    thank you,

    sk

    Tuesday, July 5, 2016 1:21 AM

Answers

  • Hi,

    1) Within the current version ATA is able to send an notification if an selected event occurs. If something else should also have a notify, you can work with an SIEM and configure the notification there.

    2) Currenly only with SIEM

    Regards

    • Marked as answer by Shim Kwan Sunday, July 10, 2016 9:36 PM
    Tuesday, July 5, 2016 12:06 PM

All replies

  • Hi,

    1) Within the current version ATA is able to send an notification if an selected event occurs. If something else should also have a notify, you can work with an SIEM and configure the notification there.

    2) Currenly only with SIEM

    Regards

    • Marked as answer by Shim Kwan Sunday, July 10, 2016 9:36 PM
    Tuesday, July 5, 2016 12:06 PM
  • Thanks Eli, so does Microsoft have a SIEM solution or product? 

    If not, what are some SIEM recommendations?

    Tuesday, July 5, 2016 9:01 PM
  • Hi,

    not that i know. Buuuuut....

    Splunk, ArcSight, Logrythm, Solarwinds for example

    Regards

    Wednesday, July 6, 2016 6:19 AM
  • I thought I read that QRadar was added in the 1.6 release.
    Friday, July 8, 2016 4:41 PM
  • OK thx guys
    Sunday, July 10, 2016 9:36 PM
  • ATA CAN be (indirectly) set up to launch a custom script when a certain event occurs! As ATA saves alerts to Windows Event Log, you create a Scheduled Task that would be triggered by particular events. All native Windows functionality.
    Sunday, July 17, 2016 11:19 AM