Microsoft Advanced Threat Analytics announcement
Here you can find discussions on Microsoft Advanced Threat Analytics or ask a question to the community.
For official product support, please contact Microsoft Customer and Services Support via http://support.microsoft.com .
For the latest product documentation, please check our TechNet library at: http://aka.ms/ata-technet
0 Votes | Database Size Getting Big
I am running ATA version 1.9.7412.9649. The MongoDB is at 51 GB. What are my options for shrinking the database? I need to clear up space on the server. Thank you!
Unanswered | 6 Replies | 166 Views | Created by J_2017 - Tuesday, September 24, 2019 6:49 PM | Last reply by Eli Ofek - Tuesday, October 1, 2019 9:14 PM
0 Votes | Update ATA Lightweight Gateway questions
I am looking to apply update 2 (from 1.9 build 1.9.7312) and wanted to know a little bit more about the process, specifically for the lightweight gateways on the DCs. It appears to be ...
Unanswered | 4 Replies | 154 Views | Created by ManofMarsh - Sunday, September 22, 2019 11:27 PM | Last reply by ManofMarsh - Tuesday, October 1, 2019 3:02 PM
1 Votes | ATA MongoDB encryption at rest
Hi, I have been asked by a Security Team if the data stored in the ATA MongoDB is encrypted at rest. I cannot find this information anywhere. I know that MongoDB that uses ...
Answered | 1 Replies | 103 Views | Created by Stuart Townsend - Thursday, September 26, 2019 1:28 PM | Last reply by Eli Ofek - Thursday, September 26, 2019 2:45 PM
0 Votes | Reconnaissance using directory services queries
Hi all, Can you please help me with this alert? It triggered in the ATA portal. I do not know how to clear it. Please help me understand and clear this alert. I ...
Unanswered | 1 Replies | 109 Views | Created by fermelr - Monday, September 23, 2019 8:46 AM | Last reply by Eli Ofek - Monday, September 23, 2019 11:43 AM
0 Votes | ATA Update available but not showing on Windows Update
Hello, My ATA Center tells me there is an update available and I can use Microsoft Update to download and install it. My current version is 1.9.7312.32791 and the ...
Unanswered | 2 Replies | 169 Views | Created by netdiag - Monday, September 16, 2019 4:55 PM | Last reply by Udara Kaushalya - Friday, September 20, 2019 3:52 PM
0 Votes | Kerberoasting a Honeytoken - Suspicious Activity Raised?
If an attacker requests a service ticket for a Honeytoken account (not attempting a logon, just asking for a service ticket) should that generate a suspicious activity?
Unanswered | 4 Replies | 250 Views | Created by H Kelley - Thursday, August 29, 2019 7:52 PM | Last reply by H Kelley - Friday, September 13, 2019 1:00 PM
0 Votes | Enabling log monitoring & setting up using SIEM.
Hi there, I am planning on setting more logging options using SIEM tool. I found a document in one of the Microsoft websites some time ago which explains about enabling ...
Answered | 3 Replies | 239 Views | Created by mywindows - Wednesday, September 4, 2019 4:44 PM | Last reply by mywindows - Wednesday, September 11, 2019 6:56 PM
0 Votes | Forwarding events still usable?
Hi there, we've just enabled event-forwarding for our ATA deployment (version 1.9.7478.57683). It looks like the events are not processed since there are no ...
Answered | 1 Replies | 172 Views | Created by m.glende - Wednesday, September 11, 2019 2:51 PM | Last reply by Eli Ofek - Wednesday, September 11, 2019 6:36 PM
0 Votes | WINDOWS 10 SERVICES, START NAME UNAVAILABLE, USERDATA STORAGE_1116fec UNISTACKSVCGROUP
CAN ANYONE IDENTIFY THESE SERVICES RUNNING ON MY WINDOWS TEN PRO: THE START NAME SAYS NOT AVAILABLE AND THE SERVICE TYPE IS UNKNOWN AND THEY WILL NOT ALLOW ...
Unanswered | 1 Replies | 206 Views | Created by XRTWE8127 - Saturday, September 7, 2019 12:54 AM | Last reply by Andy Liu50 - Monday, September 9, 2019 2:03 AM
0 Votes | Group Policy Drive Mappings taking 70 seconds
Hello, I'm having an issue with one of the staff where I work, where the Drive mappings from group policy take 70 seconds. I've checked the event viewer of the ...
Unanswered | 1 Replies | 164 Views | Created by Blackholden99 - Thursday, September 5, 2019 10:16 AM | Last reply by Andy Liu50 - Friday, September 6, 2019 1:14 AM
0 Votes | SAMRi10 - SAMR calls on Windows 10 logoff
We are looking into activating the GPO setting "Restrict clients allowed to make remote calls SAM" to prevent recon attacks on our domain controllers. ...
Unanswered | 2 Replies | 263 Views | Created by Ad_min - Wednesday, September 4, 2019 10:32 AM | Last reply by Ad_min - Thursday, September 5, 2019 6:58 AM
0 Votes | Need a clean way to distinctly identify between RDP and TS sessions.
We are using Win32 APIs ProcessIdToSessionId and GetSystemMetrics(SM_REMOTESESSION) to identify whether the session is remote or local. But we currently don’t have a clean way ...
Answered | 1 Replies | 186 Views | Created by Phoon_2010 - Wednesday, September 4, 2019 9:43 AM | Last reply by Andy Liu50 - Thursday, September 5, 2019 12:30 AM
0 Votes | ATA - Event ID 7031 - The MS ATA Gateway service terminated unexpectedly (only on 2016 servers).
ATA Version 1.9.7478.57683. This is only happening on our Server 2016 boxes (2012 R2 boxes are fine) where the service restarts on Mondays at 2:45 PM ONLY. We ...
Unanswered | 1 Replies | 198 Views | Created by Spd-demon - Tuesday, September 3, 2019 7:05 PM | Last reply by Eli Ofek - Tuesday, September 3, 2019 7:56 PM
0 Votes | Is there a way synchronize historical event log into ATA?
So we just reinstalled our DCs for some reason, but we kept the old dc server instances, so did the event logs. Since "The ATA Center requires a recommended ...
Unanswered | 1 Replies | 178 Views | Created by uihih - Tuesday, September 3, 2019 1:38 PM | Last reply by Eli Ofek - Tuesday, September 3, 2019 3:12 PM
0 Votes | Sensitive Group change information
Hi all, is it somehow possible to send mail immediately when some of the sensitive groups are changed? Now we get this info only in summarize ...
Unanswered | 3 Replies | 231 Views | Created by KONIKPK - Tuesday, August 27, 2019 8:25 AM | Last reply by Ohad Plotnik-Aorato - Tuesday, September 3, 2019 12:33 PM
0 Votes | Malware
Anybody with an idea about the SETO file extension? All my files turned into SETO extension, is this malware? Please help if you know how to fix ...
Unanswered | 4 Replies | 507 Views | Created by Dennis Epson - Monday, September 2, 2019 1:05 PM | Last reply by Udara Kaushalya - Tuesday, September 3, 2019 12:59 AM
0 Votes | Auditing SAMR queries
We have been seeing an abnormally high number of detections of reconnaissance of AD using the SAMR protocol. According to the ATA documentation on Suspicious activity guide, it recommends using the SAMRi10 ...
Proposed | 3 Replies | 3644 Views | Created by Evers_mark - Wednesday, November 15, 2017 4:06 PM | Last reply by Ad_min - Wednesday, August 28, 2019 2:22 PM
0 Votes | Network Activities tab in download details of the ATA alert.
After upgrading to Version 1.9.7478.57683, our incident response team has noticed that the Network Activities tab is missing from some of the alerts like "Suspicion of identity theft ...
Unanswered | 7 Replies | 359 Views | Created by Ed Healea - Wednesday, August 7, 2019 8:39 PM | Last reply by Eli Ofek - Tuesday, August 27, 2019 8:00 PM
0 Votes | Runbook for common alerts
Hi, we have moved to Office 365 and are using Azure ATP, Defender ATP and CASB (Cloud App Security) security portals. We are getting spammed with ...
Unanswered | 1 Replies | 265 Views | Created by confuseis - Sunday, August 25, 2019 10:50 AM | Last reply by Andy Liu50 - Monday, August 26, 2019 2:24 AM
0 Votes | Users from trusted forests/domains not resolving in ATA console - showing as unknown.
We recently went through a user migration from a forest root domain into another external, trusted domain. Since doing so, if a user from the remote forest creates activity that ...
Unanswered | 3 Replies | 238 Views | Created by Paul May - Tuesday, August 20, 2019 12:46 PM | Last reply by Eli Ofek - Wednesday, August 21, 2019 11:21 AM
Items 1 to 20 of 1132
